●[TLS] How to resolve the security concern of writing plaintext usernames and passwords in the yml file

I have a question about https communication (encryption) between "client PC ←→ Elasticsearch server" & "Kibana server ←→ Elasticsearch server".
We are concerned that username/password information may be leaked by specifying and writing plain text passwords in his yml files for winlogbeat'' and kibana.''
Please tell me how to perform https communication (encryption) without specifying the plaintext password in the yml file.

▼Settings file

▼Setting items


You can create a secure setting in the Elasticsearch keystore. For example, to add a secure setting for the Elasticsearch password, you can use the following command:

./bin/elasticsearch-keystore add xpack.security.http.ssl.secure_password

You'll be prompted to enter the password.

In your winlogbeat.yml and kibana.yml files, replace the plaintext password with the reference to the secure setting:

elasticsearch.password: "${xpack.security.http.ssl.secure_password}"

Restart Elasticsearch and Winlogbeat/Kibana for the changes to take effect.


1 Like

Hi Yago82 !
Thank you for your reply !
Your advice would be greatly appreciated by me.
I will check this command.

If you don't mind, I would like to see the official documentation and URL of the site that describes this method. Could you please help me?
Best regards
Thank you

@YUUTA.INOUE-JPN Here you go

1 Like

Stephenb san (In Japan, we add "san" to the names of people who are respect us. )
Thank you for your reply.
I remember you.
Thank you for helping me with the ILM matter previously.
Thanks again for providing me with the documentation.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.