Hiding the keystore password


ihjaz Mohamed

Oct 9, 2017, 8:41:12 AM
to Search Guard Community Forum
Hi,

How can I hide the keystore and truststore password so that it is not shown in plain text in the elasticsearch.yml file?

######## Start Search Guard Demo Configuration ########
searchguard.ssl.transport.keystore_filepath: ./certs/keystore.jks
searchguard.ssl.transport.truststore_filepath: ./certs/truststore.jks
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.keystore_password: passw0rd1!
searchguard.ssl.transport.truststore_password: passw0rd1!

SG

Oct 9, 2017, 8:42:52 AM
to search...@googlegroups.com
Put them into an env variable, for example:

https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html

ihjaz Mohamed

Oct 9, 2017, 9:14:55 AM
to Search Guard Community Forum
I'm starting Elasticsearch as a service using systemctl, and I need to specify the environment variable in the systemd folder. So I end up specifying the environment variable as below in the systemd folder, which again can be seen in plain text. Is there a way to set the value, start the service and then unset the value?

[Service]
Environment="PASSPHRASE=passw0rd1!"

SG

Oct 9, 2017, 9:20:50 AM
to search...@googlegroups.com
That's a general Linux question and not SG-specific/related.

Besides env vars and system properties, there is currently no other way to specify properties.
As a mid-term solution we plan to add support for HashiCorp Vault, but that's not short term.
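
An added example, not part of the thread and not Search Guard's own code: one way to combine the env variable suggestion above with the systemd setup from the follow-up question, by loading the variables from a root-only file through `EnvironmentFile=` and referencing them from elasticsearch.yml with the `${...}` substitution described on the linked Elasticsearch settings page. The variable names, the env-file path, the drop-in file name and the ROOT parameter are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The variable names, the env-file path,
# the drop-in name and the ROOT parameter (for dry runs) are assumptions.

# Count Search Guard transport password settings that still hold a literal value.
plaintext_pw_count() {
    grep -E '^searchguard\.ssl\.transport\.(keystore|truststore)_password:' "$1" |
        grep -vcF '${' || true
}

# setup_sg_env ROOT: reads the keystore password, then the truststore
# password, one per line from stdin (so they never appear in argv).
setup_sg_env() {
    root=$1
    yml="$root/etc/elasticsearch/elasticsearch.yml"
    envfile="$root/etc/elasticsearch/sg-secrets.env"
    dropin="$root/etc/systemd/system/elasticsearch.service.d/sg-secrets.conf"
    IFS= read -r ks_pw
    IFS= read -r ts_pw
    mkdir -p "$(dirname "$envfile")" "$(dirname "$dropin")"

    # Create the file owner-only before writing any secret into it.
    ( umask 077; : > "$envfile" )
    chmod 600 "$envfile"
    printf 'SG_KEYSTORE_PASSWORD=%s\nSG_TRUSTSTORE_PASSWORD=%s\n' \
        "$ks_pw" "$ts_pw" > "$envfile"

    # systemd drop-in: load the variables from the file instead of
    # an inline Environment= line in the unit.
    printf '[Service]\nEnvironmentFile=%s\n' \
        /etc/elasticsearch/sg-secrets.env > "$dropin"

    # Replace the literal values in elasticsearch.yml with ${VAR} references,
    # which Elasticsearch substitutes from its environment at startup.
    tmp=$(mktemp)
    sed -e 's|^\(searchguard\.ssl\.transport\.keystore_password:\).*|\1 ${SG_KEYSTORE_PASSWORD}|' \
        -e 's|^\(searchguard\.ssl\.transport\.truststore_password:\).*|\1 ${SG_TRUSTSTORE_PASSWORD}|' \
        "$yml" > "$tmp"
    cat "$tmp" > "$yml"   # overwrite in place, keeping owner and mode
    rm -f "$tmp"
    unset ks_pw ts_pw
}

# Usage as root (ROOT empty means the real /etc), passwords fed on stdin:
#   setup_sg_env ""
# then: systemctl daemon-reload && systemctl restart elasticsearch
```

This keeps the passwords out of elasticsearch.yml and the unit file, but they remain in the running service's environment, which the service user and root can read from /proc/<pid>/environ.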