Storing username and password somewhere and somehow

Hello everybody!. I would like to know how/where I can store credentials like username and password to be consumed from the output.conf file.

Any ideas?

If you are on a current version you could use the keystore.

Can this process be automated? Suppose I have 2 nodes with Logstash installed.

What I read in the documents is that you need to manually create the keystore and then set each one of the keys that you need with the corresponding values.
I was looking for something similar, but maybe storing those global variables in a file and then referencing that file from the different config files.

Is that possible?

Thanks in advance!.

I was looking for something similar, but maybe storing those global variables in a file and then referencing that file from the different config files.

From an automation perspective I don't think that's materially different from creating a keystore file and referencing it from both Logstash instances.

And how would you create a keystore file and then reference it in the a 201-output.conf file like this one:

output {
    if "_grokparsefailure" in [tags] {
        elasticsearch {
            hosts => "..."
            ssl => true
            user => "..."
            password => "..."
            index => "failure_logs"
        }
    }
   ....
}

Sorry about the questions, but I'm struggling to find how to do this.

I don't understand. The documentation page that was linked to earlier (https://www.elastic.co/guide/en/logstash/current/keystore.html) has quite explicit examples and instructions that should be directly applicable in your case.

As for automation, it's trivial to create a keystore from a script but slightly less obvious how to non-interactively add a secret to the keystore. You can simply pipe the secret to the logstash-keystore program (echo the-secret-string | logstash-keystore add name-of-secret).

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.