Secure your settings

Some of the settings that you configure in Elasticsearch Add-On for Heroku are sensitive, such as passwords, and relying on file system permissions to protect these settings is insufficient. To protect your sensitive settings, use the Elasticsearch keystore. With the Elasticearch keystore, you can add a key and its secret value, then use the key in place of the secret value when you configure your sensitive settings.

There are three types of secrets that you can use:

  • Single string - Associate a secret value to a setting.
  • Multiple strings - Associate multiple keys to multiple secret values.
  • JSON block/file - Associate multiple keys to multiple secret values in JSON format.

Add secret values

Add keys and secret values to the keystore.

  1. Log into the Elasticsearch Add-On for Heroku console.
  2. From the Deployments page, select your deployment.

    Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.

  3. From your deployment menu, select Security.
  4. Click Create settings.
  5. On the Create setting window, select the secret Type.
  6. Configure the settings, then click Save.

Delete secret values

When your keys and secret values are no longer needed, delete them from the keystore.

  1. Log into the Elasticsearch Add-On for Heroku console.
  2. From the Deployments page, select your deployment.

    Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.

  3. From your deployment menu, select Security.
  4. From the Existing keystores list, click the delete icon next to the Setting Name that you want to delete.
  5. On the Confirm to delete window, click Confirm.