allow prompts for passwords in elasticsearch.yml #10838
Comments
@jaymode any thoughts on this?

This is something we've discussed and looked into, but ran into issues with multiple password prompts I believe (/cc @spinscale). I'm also not sure how or if this will work with the services used for package installations. If we were to implement it as described, I think it would need to be a startup time scan through all settings with a special value (maybe
I realize the complication associated with multiple passwords, hence different prompts. One solution is a key-value file with root-only access, or a here file (<<eof) in the auto-startup script with root-only access. Another is to encrypt the whole elasticsearch.yml file and on startup, a single password is used to decrypt it in memory. The password can be passed by stdin. In my situation, bare passwords are not allowed to be on the nodes for security reasons. So we always start the services remotely from command and control hosts and with control programs, not manually. Also, if we have to restart a node, we'd rather it didn't restart automatically. We want to know why it failed first. Thanks

Peter, thanks for the follow up. I'm going to look into adding the functionality to prompt on startup for settings with a special placeholder.
Some settings may be considered sensitive, such as passwords, and storing them in the configuration file on disk is not good from a security perspective. This change allows settings to have a special value, `__prompt__`, that indicates elasticsearch should prompt the user for the actual value on startup. This only works when started in the foreground. In cases where elasticsearch is started as a service or in the background, an exception will be thrown. Closes elastic#10838
Some settings may be considered sensitive, such as passwords, and storing them in the configuration file on disk is not good from a security perspective. This change allows settings to have a special value, `${prompt::text}` or `${prompt::secret}`, to indicate that elasticsearch should prompt the user for the actual value on startup. This only works when started in the foreground. In cases where elasticsearch is started as a service or in the background, an exception will be thrown. Closes elastic#10838
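To make the startup-time scan described in that commit message concrete, here is an added illustration (not Elasticsearch's own code) of the behaviour it specifies: settings whose value is `${prompt::text}` or `${prompt::secret}` are filled in from the console in order of appearance, and the process fails with an exception rather than hanging when no terminal is attached. The `has_console`, `ask_text` and `ask_secret` parameters and the `NoConsoleError` class are assumptions made here for testability, and the setting names in the sample are constructed.

```python
import getpass
import re
import sys

# Placeholder syntax from the commit message on this issue: a setting whose
# whole value is ${prompt::text} or ${prompt::secret} is filled in at startup.
PROMPT_RE = re.compile(r"^\$\{prompt::(text|secret)\}$")


class NoConsoleError(RuntimeError):
    """Raised when a prompt placeholder is present but no terminal is attached (assumed name)."""


def resolve_prompts(settings, has_console=None, ask_text=input, ask_secret=getpass.getpass):
    """Return a copy of `settings` with prompt placeholders replaced by console input.

    `has_console`, `ask_text` and `ask_secret` are injection points assumed here
    for testing; by default a console is assumed only when stdin is a TTY, which
    mirrors the "only works when started in the foreground" rule.
    """
    if has_console is None:
        has_console = sys.stdin.isatty()
    resolved = dict(settings)
    # dicts preserve insertion order, so multiple placeholders are prompted in
    # the order they appear in the configuration.
    for key, value in settings.items():
        if not isinstance(value, str):
            continue
        match = PROMPT_RE.match(value.strip())
        if match is None:
            continue
        if not has_console:
            # Started as a service or in the background: fail loudly instead of
            # blocking forever on a prompt nobody can answer.
            raise NoConsoleError(f"setting [{key}] requires a prompt but no console is attached")
        label = f"Enter value for [{key}]: "
        # ${prompt::secret} hides the typed value; ${prompt::text} echoes it.
        resolved[key] = ask_secret(label) if match.group(1) == "secret" else ask_text(label)
    return resolved


if __name__ == "__main__":
    # Constructed sample configuration; the key names are not real settings.
    sample = {
        "cluster.name": "demo",
        "example.keystore.path": "${prompt::text}",
        "example.keystore.password": "${prompt::secret}",
    }
    print(resolve_prompts(sample))
```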
The listing of passwords in elasticsearch.yml for accessing key stores is dangerous. If someone steals the yml and key store file, they can open the keystore and access to mimic the system. I wonder if there is a way to create a tag for the passwords in the yml file that will have the process prompt for the password at startup.

For example, in the yml:

will become:

and the system will then prompt the user for the password at startup:

Hopefully, the password is a strong one. But it won't be recorded and be visible.

If the yml file is stolen, it won't have sufficient information to crack the key store. For multiple password entries, they will be prompted in their order of appearance.

Thanks