Security of Keystores

Lazarbeam · February 28, 2018, 3:58pm

Team --

I'm running Filebeat and Metricbeat versions 6.2.2 on RHEL 5.11

I've followed the instructions on creating keystores for Filebeat and Metricbeat from the guides listed here and here. Everything works dandy - this is a great feature to NOT have passwords stored in plain text. That would never fly with our data security team.

Is it known the algorithm and strength of the key to secure the filebeat.keystore and metricbeat.keystore files? This will be important information for our data security team to understand precisely how secure the .keystore files are.

adrisr · February 28, 2018, 7:04pm

Currently, the keystore is encrypted using the AES-256-GCM algorithm.

The key is derived from the password using HMAC-SHA-512 based PBKDF2 with 10000 iterations and a random salt and IV is used for every entry stored in the keystore.

Here's a link to the source code https://github.com/elastic/beats/blob/master/libbeat/keystore/file_keystore.go

Lazarbeam · February 28, 2018, 7:15pm

This is exactly what I'm looking for. Thank you!

Topic		Replies	Views
Filebeat keystore using empty password Beats filebeat	2	405	July 8, 2020
Does anyone know if Filebeat keystore is as secure as the Linux Shadow file? Beats filebeat	4	462	June 6, 2023
Encrypt Password In Filebeat Yml Elasticsearch	5	193	July 2, 2024
Filebeat 6.2.3: Keystores Beats filebeat	2	704	May 6, 2018
Using keystore for filebeat user password Beats filebeat	1	688	July 9, 2019

Security of Keystores

Related topics