Passwords in elasticsearch.yml
41 views
Skip to first unread message
djoh...@integritypays.com
May 18, 2018, 9:48:33 AM5/18/18
to Search Guard Community Forum
Can the hash.sh be used to hash the passwords for Search Guard pemkey, keystore or truststore passwords in elasticsearch.yml? If not what would be the best option using the elasticsearch-keystore, kibana-keystore and logstash-keystore to store them and just do a call back to them in the yml files?
Soma Somasekhar
May 18, 2018, 9:52:33 AM5/18/18
to search...@googlegroups.com
We can use Search Guard TLS Tool of Search Guard .Search Guard itself providing multiple options to generate the certificates.
Please check below link https://docs.search-guard.com/latest/offline-tls-tool
On Fri, May 18, 2018 at 7:18 PM, <djoh...@integritypays.com> wrote:
Can the hash.sh be used to hash the passwords for Search Guard pemkey, keystore or truststore passwords in elasticsearch.yml? If not what would be the best option using the elasticsearch-keystore, kibana-keystore and logstash-keystore to store them and just do a call back to them in the yml files?
integritypays.com | 888.477.4510
1700 Higgins Rd, Suite 690, Des Plaines, IL 60018
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/6b3eab5e-1f9f-487f-9038-7356f5f5aa63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Thanks&Regards
Somasekhar K9916483548
Jochen Kressin
May 18, 2018, 5:14:09 PM5/18/18
to search...@googlegroups.com
The hash.sh can't be used to hash the PEM or truststore passwords. It produces a BCrypt hash suitable for the Search Guard internal user database only.
I guess the question is how to make elasticsearch.yml free of passwords, right? In that case the recommendation is to use environment variable substitution:
Soma Somasekhar
May 19, 2018, 12:42:40 AM5/19/18
to search...@googlegroups.com
If you use TLS TOOLS then check tlsconfig.yml file.In that file pkPassword parameter value.pkPassword is the PEM or truststore password.
On Sat, May 19, 2018 at 2:44 AM, Jochen Kressin <jkre...@floragunn.com> wrote:
The hash.sh can't be used to hash the passwords of the passwords of the PEM or truststore passwords. It produces a BCrypt hash suitable for the Search Guard internal user database only.
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/304a5f62-8742-4fa5-8978-5bf3cfe03936%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages