Setting value by reading from a file

alerting

(Curtis) #1

I'm working on a couple dozen Watches that each execute a web hook action to call a RESTful service endpoint. This endpoint requires basic auth credentials to be passed that are currently built into the watch for prototyping. For a production deployment these credentials are will rotate on a regular basis. I don't want anyone to have to constantly modify each watch to keep up with rotating credentials, so my question is how can I get all of these watches to read these credentials from a common file and store them in a ctx.var that can be used in the web hook.

Thanks in advance


(Alexander Reelsen) #2

Hey,

unfortunately there is currently no mechanism to support rotation of those passwords, except reindexing the watch (or using a chained input to get the auth from somewhere else, but that sounds not too secure either to be honest).

Maybe slightly helpful here: What watcher allows you to do however is to encrypt sensitive data, when shield is enabled. See https://www.elastic.co/guide/en/watcher/2.4/shield-integration.html#shield-watch-data-encryption

The best solution to me feels like PKI based auth in order to prevent password rotation, but that of course depends on your setup.

--Alex


(Curtis) #3

Alex -- Thank you for the suggestions. Unfortunately the Restful service being called only supports basic auth in its current configuration. Encrypting the sensitive data has been discussed as an option but that doesn't address a security/ops team's request to store credentials in a single location rather than in each watch.


(Alexander Reelsen) #4

Hey,

you saw my suggestions with the chained input? You could store the credentials in another index (or another system that can be polled via HTTP), and only update those.

--Alex


(Curtis) #5

Alex

I found this example to be helpful.

Thanks


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.