●[TLS] How to resolve the security concern of writing plaintext usernames and passwords in the yml file

I have a question about https communication (encryption) between "client PC ←→ Elasticsearch server" & "Kibana server ←→ Elasticsearch server".
We are concerned that username/password information may be leaked by specifying and writing plain text passwords in the yml files for "winlogbeat" and "kibana".
Please tell me how to perform https communication (encryption) without specifying the plaintext password in the yml file.

▼Settings file
winlogbeat.yml
kibana.yml

▼Setting items
elasticsearch.username
elasticsearch.password

Hi,

You can create a secure setting in the Elasticsearch keystore. For example, to add a secure setting for the Elasticsearch password, you can use the following command:

./bin/elasticsearch-keystore add xpack.security.http.ssl.secure_password

You'll be prompted to enter the password.

In your winlogbeat.yml and kibana.yml files, replace the plaintext password with the reference to the secure setting:

elasticsearch.password: "${xpack.security.http.ssl.secure_password}"

Restart Elasticsearch and Winlogbeat/Kibana for the changes to take effect.

Regards

1 Like
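
A check for the concern raised in this thread, as an added example that is not part of any post: it scans the text of a winlogbeat.yml or kibana.yml for password keys whose value is a literal instead of a `${...}` reference. The sample file contents, host name, user names and the variable name ES_PWD are constructed for illustration, and the line-based matching is an assumption that covers simple `key: value` lines only.

```python
import re

# Matches dotted keys (elasticsearch.password in kibana.yml) and nested
# ones (password: under output.elasticsearch in winlogbeat.yml).
KEY_RE = re.compile(r'^\s*(?P<key>[\w.]*password)\s*:\s*(?P<val>.*)$', re.I)
REF_RE = re.compile(r'^\$\{[^}]+\}$')  # the whole value is a ${NAME} reference

# Constructed sample contents; host, users and ES_PWD are hypothetical.
KIBANA_SAMPLE = '''\
elasticsearch.hosts: ["https://es.example.internal:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "constructed-secret"
'''
WINLOGBEAT_SAMPLE = '''\
output.elasticsearch:
  hosts: ["https://es.example.internal:9200"]
  username: "winlogbeat_writer"
  # password: "old-value"
  password: "${ES_PWD}"
'''

def _value(raw):
    """Return the scalar without surrounding quotes or a trailing comment."""
    raw = raw.strip()
    if raw.startswith('#'):
        return ''
    if raw[:1] in ('"', "'"):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw.split(' #', 1)[0].strip()

def find_plaintext_passwords(text):
    """Return (line_number, key) per literal password; the value is never returned."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith('#'):
            continue  # commented-out settings are not active configuration
        m = KEY_RE.match(line)
        if m:
            val = _value(m.group('val'))
            if val and not REF_RE.match(val):
                findings.append((num, m.group('key')))
    return findings

if __name__ == '__main__':
    for name, text in (('kibana.yml', KIBANA_SAMPLE), ('winlogbeat.yml', WINLOGBEAT_SAMPLE)):
        for num, key in find_plaintext_passwords(text):
            print(f'{name}:{num}: {key} is a literal value, not a ${{...}} reference')
```

Because only the line number and key name are reported, the output can go into CI logs or a ticket without exposing the secret itself.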

Hi Yago82!
Thank you for your reply!
Your advice would be greatly appreciated by me.
I will check this command.

If you don't mind, I would like to see the official documentation and URL of the site that describes this method. Could you please help me?
Best regards
Thank you

@YUUTA.INOUE-JPN Here you go

1 Like

Stephenb san (In Japan, we add "san" to the names of people who are respect us. )
Thank you for your reply.
I remember you.
Thank you for helping me with the ILM matter previously.
Thanks again for providing me with the documentation.

1 Like
