Watcher webhook gives error 401 Authorization after certificate update

Recently upgraded Elasticsearch from 8.3.2 to 8.6.2
we have watcher with webhook posting information to 3rd party application
for one of the instances of that 3rd party application we had to update SSL certificate
after updating the certificate we started getting 401 authorization error on the watcher.
also noticed that Authorization token in the watcher code has been replaced by "::es_redacted::"

"actions": {
"webhook_1": {
"webhook": {
"scheme": "https",
"host": "",
"port": 443,
"method": "post",
"path": "/api/1.0/route",
"params": {},
"headers": {
"Authorization": "::es_redacted::",
"Content-Type": "application/json"
"body": """[{ "source_ip"

If I replace "::es_redacted::" with actual token - watcher works fine but if I save it it gets back to "::es_redacted::" and fails to work.
Other webhooks, communicating with other instances also have "::es_redacted::" but no error, however we haven't updated certificate there yet.
please advice what is causing this issue and how to fix it.

i has same problem with 8.6.2
in watcher http input "Authorization" will be redacted
but watcher edit ui save action not replace redacted to original data,
get that watcher source from .watcher index , that's saved "::es_redacted::", it means you lost your token. :frowning:

original watcher save -> (normal) .watcher -> (redacted) load watcher ui -> (bug, redacted string will save) save watcher again -> 401

I've searched the forums and github issues, but haven't found a patch for this, and the current solution is to save the token anew each time.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.