Store SSL/TLS configuration directly in beat configuration file

Apologies if this has already been asked and answered (I couldn't find it).

Is it possible to store TLS certificate & key data directly in the beat configuration files (e.g filebeat.yml)?

For example:

output.elasticsearch.ssl.certificate: !binary >
  -----BEGIN CERTIFICATE-----
  MIIEgjCCA2qgAwIBAgIIe5k8COOpeBAwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
  BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc
  c7xp7GwXO56niv6RDbLBN32fRdHpxUZvF1nW+W5hT+Bs40nPfMJPnt0D3Lq0l7EN
  DytsRsmeKmLSA2cSCMueK054u+guMEECAwEAAaOCAUIwggE+MBMGA1UdJQQMMAoG
  CCsGAQUFBwMBMBkGA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMGgGCCsGAQUFBwEB
  BFwwWjAtBggrBgEFBQcwAoYhaHR0cDovL3BraS5nb29nL2dzcjIvR1RTR0lBRzMu
  Y3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5wa2kuZ29vZy9HVFNHSUFHMzAd
  BgNVHQ4EFgQUfIZ1VgABe50bs1fn1NT7puKgNlMwDAYDVR0TAQH/BAIwADAfBgNV
  HSMEGDAWgBR3wrhQmmd2drEtwobQg6B+pn66SzAhBgNVHSAEGjAYMAwGCisGAQQB
  1nkCBQMwCAYGZ4EMAQICMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwucGtp
  Lmdvb2cvR1RTR0lBRzMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCI5kshivLExwUh
  6yeU5IPOKQeyiDdhtOsCNMzBX0BCk/0phaROmxzlyiwc2iXSjdNvcp93EOe8wWeC
  7MN3TZz9
  -----END CERTIFICATE-----

If not currently possible, it would certainly be a useful feature for those who want to "publish" a single client configuration file that their hosts could use (obviously without hostname verification).

Cheers,
Nick

This is not possible right now.

We're thinking to add certificates to the keystore file.

Feel free to open an enhancement request.

Thanks Steffen,

I will check out the beats keystores, although I don't think they will achieve what I'm after. Does the beat request the password to open the keystore when it starts? Or does it somehow derive the password from something on disk?

Thanks,
Nick

Right now it's password-less. Password support will be added in the future.

I don't think it's not what you are looking for right now.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.