Why xpack.ssl.key_passphrase and xpack.ssl.secure_key_passphrase


(Matt M) #1

In the documentation (https://www.elastic.co/guide/en/elasticsearch/reference/6.2/security-settings.html) there are two settings (xpack.ssl.key_passphrase and xpack.ssl.secure_key_passphrase) that have exactly the same description. Can someone shed some light on these two settings and how they differ?

I am asking because I receive this warning while executing setup-password.bat.
12:09:29.127 [main] WARN org.elasticsearch.deprecation.common.settings.Settings - [key_passphrase] setting was deprecated in Elasticsearch and will be removed in a future release! See the breaking changes documentation for the next major version.

I have tried executing setup-password.bat with only xpack.ssl.secure_key_passphrase added to the keystore and it appears setup-password.bat does not / can not look at this setting. So my question is once xpack.ssl.key_passphrase is removed how are we suppose to be executing setup-password.bat? Should we be disabling ssl prior to executing setup-password.bat ?

Other Documentation:
https://www.elastic.co/guide/en/elasticsearch/reference/6.x/setup-passwords.html
https://www.elastic.co/guide/en/x-pack/6.x/setting-up-authentication.html#set-built-in-user-passwords


(Ryan Ernst) #2

What behavior happens in this case? Can you give reproduction instructions?


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.