I freshly installed elasticsearch 7.6 in RHEL7 and started it successfully.
When I add "test" keystore with command "./elasticsearch-keystore add test" and restarted elasticsearch service, its not starting up and showing below error "unknown secure setting [test]". What is the steps to add a keystore so that the key can be use in elasticsearch.yml file to replace clear text password of "auth.password:"
logs: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) [elasticsearch-7.6.0.jar:7.6.0] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.6.0.jar:7.6.0] [2020-06-06T13:28:46,126][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [biks-m03] uncaught exception in thread [main] org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown secure setting [test] please check that any required plugins are installed, or check the breaking changes documentation for removed settings at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.6.0.jar:7.6.0] at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.6.0.jar:7.6.0] at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.6.0.jar:7.6.0]
The elasticsearch keystore works a bit differently. Rather than creating keys and then using those keys in place of a value in your elasticsearch.yml, you just add the setting name as a key within the keystore.
In other words, you could create a key within the keystore named xpack.security.transport.ssl.keystore.secure_password and then for the value specify whatever you want the value for the setting to be. Then, in elasticsearch.yml, you just omit that setting. Elasticsearch will read it directly out of the keystore.
It's worth noting that not all settings are supported. The setting will have (secure) within the documentation to indicate that it can be used within the keystore. I recommend seeing this and this. Hopefully that helps.
@Bikash_Swain Looking at the monitoring settings here you will see two options to specify this password - auth.password and auth.secure_password. You will notice that auth.secure_password has (secure) next to it indicating it can be used in the keystore.
Following your example, you would add a key named xpack.monitoring.exporters.id1.auth.secure_password to the keystore and set its value to whatever you want the value to be. Then, remove the auth.password: YOUR_PASSWORD line from your elasticsearch.yml. Elasticsearch will read it directly from the keystore.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.