You can specify secure settings with a Kubernetes secret. The secret should contain a key-value pair for each secure setting you want to add. Reference that secret in the Elasticsearch resource specification for ECK to automatically inject those settings into the keystore on each node before it starts Elasticsearch.

spec:
  secureSettings:
    secretName: your-secure-settings-secret

See How to create automated snapshots for an example use case.