Watches might have access to sensitive data such as HTTP basic authentication information or details about your SMTP email service. You can encrypt this data by generating a key and adding some secure settings on each node in your cluster.
To encrypt sensitive data in Watcher:
- Use the elasticsearch-syskeygen command to create a system key file.
system_keyfile to all of the nodes in your cluster.
The system key is a symmetric key, so the same key must be used on every node in the cluster.
For example, run the following command to import the
system_keyfile on each node:
bin/elasticsearch-keystore add-file xpack.watcher.encryption_key <filepath>/system_key
- Delete the
system_keyfile on each node in the cluster.
Existing watches are not affected by these changes. Only watches that you create after following these steps have encryption enabled.