You cannot specify a keystore and key file

Trying to get Elasticsearch 7.13 to run in Kubernetes with security enabled via the official helm chart.

The error is elasticsearch java.lang.IllegalArgumentException: you cannot specify a keystore and key file. What does this mean?

values.yaml

---
imageTag: "7.17.3"
replicas: 2
esJavaOpts: "-Xmx3g -Xms3g"

volumeClaimTemplate:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 10Gi

extraVolumes:
  - name: pwd
    hostPath:
      path: /certs/
extraVolumeMounts:
  - name: pwd
    mountPath: /pwd
    readOnly: true

# Enable passwords and HTTPS
protocol: https
esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /pwd/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /pwd/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /pwd/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /pwd/elastic-certificates.p12

secret:
  password: ***
elasticsearch uncaught exception in thread [main]                                                                                                                                                             ││ elasticsearch java.lang.IllegalArgumentException: you cannot specify a keystore and key file                                                                                                                  ││ elasticsearch     at org.elasticsearch.xpack.core.ssl.CertParsingUtils.createKeyConfig(CertParsingUtils.java:232)                                                                                             ││ elasticsearch     at org.elasticsearch.xpack.core.ssl.SSLConfiguration.createKeyConfig(SSLConfiguration.java:164)                                                                                             ││ elasticsearch     at org.elasticsearch.xpack.core.ssl.SSLConfiguration.<init>(SSLConfiguration.java:51)                                                                                                       ││ elasticsearch     at org.elasticsearch.xpack.core.ssl.SSLService.lambda$getSSLConfigurations$4(SSLService.java:524)                                                                                           ││ elasticsearch     at java.base/java.util.HashMap.forEach(HashMap.java:1421)                                                                                                                                   ││ elasticsearch     at java.base/java.util.Collections$UnmodifiableMap.forEach(Collections.java:1553)                                                                                                           ││ elasticsearch     at org.elasticsearch.xpack.core.ssl.SSLService.getSSLConfigurations(SSLService.java:519)                                                                                                    ││ elasticsearch     at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:519)                                                                                                          ││ elasticsearch     at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:338)                                                                                                          ││ elasticsearch     at org.elasticsearch.node.Node.lambda$new$18(Node.java:736)                                                                                                                                 ││ elasticsearch     at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)                                                                                                      ││ elasticsearch     at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)                                                                                                 ││ elasticsearch     at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)                                                                                                          ││ elasticsearch     at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)                                                                                                   ││ elasticsearch     at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)                                                                                                     ││ elasticsearch     at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)                                                                                                          ││ elasticsearch     at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)                                                                                                         ││ elasticsearch     at org.elasticsearch.node.Node.<init>(Node.java:750)                                                                                                                                        ││ elasticsearch     at org.elasticsearch.node.Node.<init>(Node.java:309)                                                                                                                                        ││ elasticsearch     at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:234)                

The problem seems to be that the xpack.security.transport.ssl.key is hardcoded in the chart.