'Where does Elaticsearch take the elasticsearch-keystore password from?
I've been reading the little documentation Elastic provides, but it is just about how to operate it. And I don't really understand the fundamentals of it.
- You initialise the keystore with a password:
bin/elasticsearch-keystore passwd - You add a key-value to it
bin/elasticsearch-keystore add mySecret(prompts for secret) - You refer to the key inside elasticsearch.yml i.e.
${mySecret} - Start Elasticsearch, and the value is magically extracted and replaced from the keystore.
My doubt is: how does Elasticsearch get the password to decrypt the keystore and use the values in the configuration file? Or is the keystore password stored somewhere?
If yes, where? In this case I don't see the benefit of using keystore at all?
elasticsearchSolution 1:[1]
@sscarduzio place your password in ansible yml file, protect the yml file with ansible-vault, this way you only have to remember and type only the vault password for all the keystores and sensitive passwords with some further tricks depensing on your setup you can automate further and supply vault password with automation
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Chander Goyal |