Security of Keystores


(David Lazar) #1

Team --

I'm running Filebeat and Metricbeat versions 6.2.2 on RHEL 5.11

I've followed the instructions on creating keystores for Filebeat and Metricbeat from the guides listed here and here. Everything works dandy - this is a great feature to NOT have passwords stored in plain text. That would never fly with our data security team.

Is it known the algorithm and strength of the key to secure the filebeat.keystore and metricbeat.keystore files? This will be important information for our data security team to understand precisely how secure the .keystore files are.


(Adrian Serrano) #2

Currently, the keystore is encrypted using the AES-256-GCM algorithm.

The key is derived from the password using HMAC-SHA-512 based PBKDF2 with 10000 iterations and a random salt and IV is used for every entry stored in the keystore.

Here's a link to the source code https://github.com/elastic/beats/blob/master/libbeat/keystore/file_keystore.go


(David Lazar) #3

This is exactly what I'm looking for. Thank you!


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.