When you configure Winlogbeat, you might need to specify sensitive settings, such as passwords. Relying on the file system to protect these values is not sufficient. Winlogbeat provides a keystore for storing secret values to use in configuration settings.
Unlike the Elasticsearch keystore, the Winlogbeat keystore does not store actual configuration settings. Instead, you add a key and secret value to the keystore, and then use the key in place of the secret value when you configure sensitive settings.
The syntax for referencing keys is identical to the syntax for environment variables:
Where KEY is the name of the key.
For example, imagine that the keystore contains a key called
ES_PWD with the
In the configuration file, use
On the command line, use:
When Winlogbeat unpacks the configuration, it resolves keys before resolving environment variables and other variables.
To create and manage keys, use the
keystore command. See the
command reference for the full command syntax, including
keystore command must be run by the same user who will run
Create a keystoreedit
To create a secrets keystore, use:
winlogbeat keystore create
Winlogbeat creates the keystore in the directory defined by the
To store sensitive values, such as authentication credentials for Elasticsearch,
keystore add command:
winlogbeat keystore add ES_PWD
When prompted, enter a value for the key.
To overwrite an existing key’s value, use the
winlogbeat keystore add ES_PWD --force
To pass the value through stdin, use the
--stdin flag. You can also use
cat /file/containing/setting/value | winlogbeat keystore add ES_PWD --stdin --force
To list the keys defined in the keystore, use:
winlogbeat keystore list
To remove a key from the keystore, use:
winlogbeat remove ES_PWD