Set sensitive values as secret - Part 2 (#9127)

- Set sensitive values as secret in integrations.
- Updated package-spec to 3.0.2 in most packages to leverage secrets validation checks.
- Certain packages required fixes to mappings (due to missing or incorrect mappings).
- Certain packages were not able to go to package-spec 3.0.2 due to issues with dynamic mappings. These have been held back at 3.0.0.

packages/darktrace/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.15.0"
+  changes:
+    - description: Set sensitive values as secret.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/9127
 - version: "1.14.1"
   changes:
     - description: Changed owners

packages/darktrace/manifest.yml

@@ -1,15 +1,15 @@
 format_version: "3.0.0"
 name: darktrace
 title: Darktrace
-version: "1.14.1"
+version: "1.15.0"
 description: Collect logs from Darktrace with Elastic Agent.
 type: integration
 categories:
   - security
   - network_security
 conditions:
   kibana:
-    version: ^8.7.1
+    version: ^8.12.0
 screenshots:
   - src: /img/darktrace-screenshot.png
     title: Darktrace Model Breach Alert Dashboard Screenshot
@@ -46,11 +46,13 @@ policy_templates:
             title: Public API Token
             description: Public API Token.
             required: true
+            secret: true
           - name: private_token
             type: password
             title: Private API Token
             description: Private API Token.
             required: true
+            secret: true
           - name: proxy_url
             type: text
             title: Proxy URL

packages/entityanalytics_entra_id/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Set sensitive values as secret.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/9127
 - version: "1.0.1"
   changes:
     - description: Changed owners

packages/entityanalytics_entra_id/data_stream/entity/manifest.yml

@@ -19,6 +19,7 @@ streams:
         type: password
         title: Secret (API Key)
         required: true
+        secret: true
       - name: dataset
         type: select
         title: Dataset

packages/entityanalytics_entra_id/manifest.yml

@@ -1,7 +1,7 @@
-format_version: "3.0.0"
+format_version: "3.0.2"
 name: entityanalytics_entra_id
 title: "Microsoft Entra ID Entity Analytics"
-version: "1.0.1"
+version: "1.1.0"
 description: "Collect identities from Microsoft Entra ID (formerly Azure Active Directory) with Elastic Agent."
 type: integration
 categories:
@@ -10,7 +10,7 @@ categories:
   - security
 conditions:
   kibana:
-    version: "^8.11.0"
+    version: "^8.12.0"
   elastic:
     subscription: "basic"
 icons:

packages/entityanalytics_okta/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Set sensitive values as secret.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/9127
 - version: "1.0.1"
   changes:
     - description: Changed owners

packages/entityanalytics_okta/data_stream/user/manifest.yml

@@ -20,6 +20,7 @@ streams:
         required: true
         show_user: true
         description: The Okta API token, used for authentication.
+        secret: true
       - name: dataset
         type: select
         title: Okta Dataset

packages/entityanalytics_okta/manifest.yml

@@ -1,14 +1,14 @@
-format_version: "3.0.0"
+format_version: "3.0.2"
 name: entityanalytics_okta
 title: Okta Entity Analytics
-version: "1.0.1"
+version: "1.1.0"
 description: "Collect User Identities from Okta with Elastic Agent."
 type: integration
 categories:
   - security
 conditions:
   kibana:
-    version: "^8.9.0"
+    version: "^8.12.0"
   elastic:
     subscription: "basic"
 screenshots:

packages/f5_bigip/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.14.0"
+  changes:
+    - description: Set sensitive values as secret.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/9127
 - version: "1.13.2"
   changes:
     - description: Changed owners

packages/f5_bigip/manifest.yml

@@ -1,14 +1,14 @@
-format_version: "3.0.0"
+format_version: "3.0.2"
 name: f5_bigip
 title: F5 BIG-IP
-version: "1.13.2"
+version: "1.14.0"
 description: Collect logs from F5 BIG-IP with Elastic Agent.
 type: integration
 categories:
   - security
 conditions:
   kibana:
-    version: ^7.17.0 || ^8.0.0
+    version: ^8.12.0
   elastic:
     subscription: basic
 screenshots:
@@ -44,12 +44,14 @@ policy_templates:
             description: The header to check for a specific value specified by `secret.value`.
             required: false
             show_user: false
+            secret: false
           - name: secret_value
             type: password
             title: Secret Value
             description: The secret stored in the header name specified by `secret.header`.
             required: false
             show_user: false
+            secret: true
           - name: ssl
             type: yaml
             title: SSL Configuration
@@ -112,20 +114,23 @@ policy_templates:
             required: false
             show_user: true
             description: First part of access key.
+            secret: true
           - name: secret_access_key
             type: password
             title: Secret Access Key
             multi: false
             required: false
             show_user: true
             description: Second part of access key.
+            secret: true
           - name: session_token
-            type: text
+            type: password
             title: Session Token
             multi: false
             required: false
             show_user: true
             description: Required when using temporary security credentials.
+            secret: true
           - name: shared_credential_file
             type: text
             title: Shared Credential File

packages/forgerock/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.15.0"
+  changes:
+    - description: Set sensitive values as secret.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/9127
 - version: "1.14.1"
   changes:
     - description: Changed owners

packages/forgerock/manifest.yml

@@ -1,13 +1,13 @@
 name: forgerock
 title: "ForgeRock"
-version: "1.14.1"
+version: "1.15.0"
 description: Collect audit logs from ForgeRock with Elastic Agent.
 type: integration
-format_version: "3.0.0"
+format_version: "3.0.2"
 categories: ["security"]
 conditions:
   kibana:
-    version: ^8.7.1
+    version: ^8.12.0
 screenshots:
   - src: /img/forgerock-dashboard.png
     title: ForgeRock Dashboard
@@ -52,17 +52,19 @@ policy_templates:
             required: false
             show_user: false
           - name: api_key
-            type: text
+            type: password
             title: API Key
             multi: false
             required: true
             show_user: true
+            secret: true
           - name: api_secret
             type: password
             title: API Secret
             multi: false
             required: true
             show_user: true
+            secret: true
           - name: initial_interval
             type: text
             title: Initial Interval

packages/gcp_pubsub/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.13.0"
+  changes:
+    - description: Set sensitive values as secret.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/9127
 - version: "1.12.1"
   changes:
     - description: Changed owners

packages/gcp_pubsub/data_stream/generic/manifest.yml

@@ -44,12 +44,13 @@ streams:
         show_user: true
         description: Path to a JSON file containing the credentials and key used to subscribe.
       - name: credentials_json
-        type: text
+        type: password
         title: Credentials JSON
         multi: false
         required: false
         show_user: true
         description: JSON blob containing the credentials and key used to subscribe.
+        secret: true
       - name: subscription_create
         type: bool
         title: Subscription Create

packages/gcp_pubsub/manifest.yml

@@ -1,21 +1,21 @@
 name: gcp_pubsub
 title: Custom Google Pub/Sub Logs
-version: "1.12.1"
+version: "1.13.0"
 description: Collect Logs from Google Pub/Sub topics
 type: integration
 icons:
   - src: /img/logo_gcp.svg
     title: logo gcp
     size: 32x32
     type: image/svg+xml
-format_version: "3.0.0"
+format_version: "3.0.2"
 categories:
   - observability
   - google_cloud
   - custom
 conditions:
   kibana:
-    version: ^7.16.0 || ^8.0.0
+    version: ^8.12.0
 policy_templates:
   - name: gcp
     title: Custom Google Pub/Sub Logs

packages/github/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.28.0"
+  changes:
+    - description: Set sensitive values as secret and fix incorrect mappings.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/9127
 - version: "1.27.3"
   changes:
     - description: Clean up null handling, formatting

packages/github/data_stream/audit/manifest.yml

@@ -4,12 +4,13 @@ streams:
   - input: httpjson
     vars:
       - name: access_token
-        type: text
+        type: password
         title: Personal Access Token
         description: the GitHub Personal Access Token. Requires `read:audit_log` scope
         multi: false
         required: true
         show_user: true
+        secret: true
       - name: organization
         type: text
         title: Organization Name

packages/github/data_stream/audit/sample_event.json

@@ -1,11 +1,11 @@
 {
     "@timestamp": "2020-11-18T17:05:48.837Z",
     "agent": {
-        "ephemeral_id": "fbdd879c-8de1-464b-a6a2-dbd9847eff73",
-        "id": "f86f831a-cae2-454f-a985-4f579b0ee515",
+        "ephemeral_id": "9246e7d9-fcc1-46ab-b3fd-2d0888f2a94d",
+        "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c",
         "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.7.1"
+        "version": "8.12.0"
     },
     "data_stream": {
         "dataset": "github.audit",
@@ -16,9 +16,9 @@
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "f86f831a-cae2-454f-a985-4f579b0ee515",
+        "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c",
         "snapshot": false,
-        "version": "8.7.1"
+        "version": "8.12.0"
     },
     "event": {
         "action": "repo.destroy",
@@ -27,10 +27,10 @@
             "configuration",
             "web"
         ],
-        "created": "2023-09-28T20:59:05.392Z",
+        "created": "2024-01-18T15:58:09.826Z",
         "dataset": "github.audit",
         "id": "LwW2vpJZCDS-WUmo9Z-ifw",
-        "ingested": "2023-09-28T20:59:06Z",
+        "ingested": "2024-01-18T15:58:19Z",
         "kind": "event",
         "original": "{\"@timestamp\":1605719148837,\"_document_id\":\"LwW2vpJZCDS-WUmo9Z-ifw\",\"action\":\"repo.destroy\",\"actor\":\"monalisa\",\"created_at\":1605719148837,\"org\":\"mona-org\",\"repo\":\"mona-org/mona-test-repo\",\"visibility\":\"private\"}",
         "type": [
@@ -58,4 +58,4 @@
     "user": {
         "name": "monalisa"
     }
-}
+}

packages/github/data_stream/code_scanning/manifest.yml

@@ -4,12 +4,13 @@ streams:
   - input: httpjson
     vars:
       - name: access_token
-        type: text
+        type: password
         title: Personal Access Token
         description: the GitHub Personal Access Token.  Requires the 'public_repo' scope for public repositories and 'security_events' scope for private repositories. \nSee [List code scanning alerts for a repository](https://docs.github.com/en/rest/code-scanning#list-code-scanning-alerts-for-a-repository)
         multi: false
         required: true
         show_user: true
+        secret: true
       - name: owner
         type: text
         title: Repository owner