With upgrading our environments to 7.11, I tackled an old issue of mine: trying to get our dev. cluster running with the xpack features active but without the need for those pesky certificates all the time.
The requirement for the setting xpack.security.enabled to ALWAYS have xpack.security.transport.ssl.enabled set to true as well is kind of annoying. I am very well aware that this would result in my "secure" cluster sending data over the network in plaintext, freely accessible by any attacker. Please let me deal with this risk myself.
Not every Elasticsearch cluster is a prod. cluster. We have developer environments, all of our developers work with the SIEM application, a lot of them use their own device as a log source, as well as any OS/application they might have an interest in.
With the current way Elasticsearch is handling this, it is extremely difficult for us to work with the SIEM application and just add a new log source to the mix.
Every single time a developer wants to onboard a new log source he will have to create certificates for it.
I have not found a way to run xpack.security.enabled: true without the need for certificates. If there is some sort of development setting I am not aware of, please let me know.