Currently, the Filebeat configuration (filebeat.yml) includes hardcoded values for the Elasticsearch and kafka host IP, username, and password. This poses a potential security risk and makes configuration changes non-scalable.

I request assistance in externalizing these sensitive values using external configuration variables, secret management tools,

Details:output.kafka:
hosts: ["xx.xx.xx:9092"]
topic: "npc-raw-msg"
key: "apache-request-response-dump" # Using random number as part of the key
codec.format:
string: '%{[message]}' # Send the full message to Kafka
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
close_inactive: 10m

hosts: ["https://xx.xx.xx:9200"]
username: "elastic"
password: "yX*xwYQtooCRmtLwgoWH"
ssl.verification_mode: none
index: "npc-raw-msg"

document_id: "{{{versionedKey}}}"

pipeline: "remove_fields_pipeline"

#Define the index template
setup.template.name: "npc-raw-thiru"
setup.template.pattern: "npc-raw-thiru-*"
setup.template.enabled: true

Hi,

What exactly is your problem? I assume you already found the documentation for the Filebeat Keystore?

Best regards
Wolfram

Hi @Thirupathi, I moved the post to a more appropriated category.

@Wolfram_Haussig answer is pretty good, the linked documentation also touches environment variables that is another way to not hard-code secrets in the configuration files.

Did it solve your problem? If so, could you accept the answer?