Hi, we are currently wrestling with the problem of how to create a keystore for use with dockerized logstash.
I have seen one solution in the forum already: How to use keystore in Dockerized logstash?, however we do not want to bake the keystore into the image because we need different keystores in different environments, and we don't want to have to rebuild the image for each one. Additionally, as the author of the post also mentions, the image would have to be rebuilt every time the keystore had to change.
An appropriate solution seem to have the keystore outside of the docker container, using a bind mount. This way we can created the keystore on a per environment basis without having to rebuild the image.
The one problem with this approach, however, is that there appears to be a specific tool to create the keystore that comes with elastic,
logstash-keystore. Since we have logstash in a docker container, we don't really want to have to also then install elastic/logstash on the host itself. But it seems we might have to do this temporarily to have access to
logstash-keystore in order to create the keystore externally to the container.
Is this in fact the correct approach, and if not, can someone please recommend a better way?