From 8a6d0621804c98e61176fd771923dcbfeac8aaa0 Mon Sep 17 00:00:00 2001 From: Alexander Reelsen Date: Tue, 26 Jun 2018 16:24:28 +0200 Subject: [PATCH] Docs: Clarify sensitive fields watcher encryption (#31551) Clarify the scope of encrypting sensitive settings in watcher, which fields are encrypted and if users can have their own encrypted fields. --- x-pack/docs/en/watcher/encrypting-data.asciidoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/x-pack/docs/en/watcher/encrypting-data.asciidoc b/x-pack/docs/en/watcher/encrypting-data.asciidoc index 166ef6f14d7..9319c9f7938 100644 --- a/x-pack/docs/en/watcher/encrypting-data.asciidoc +++ b/x-pack/docs/en/watcher/encrypting-data.asciidoc @@ -6,6 +6,12 @@ information or details about your SMTP email service. You can encrypt this data by generating a key and adding some secure settings on each node in your cluster. +Every `password` field that is used in your watch within a HTTP basic +authentication block - for example within a webhook, a HTTP input or when using +the reporting email attachment - will not be stored as plain text anymore. Also +be aware, that there is no way to configure your own fields in a watch to be +encrypted. + To encrypt sensitive data in {watcher}: . Use the {ref}/syskeygen.html[elasticsearch-syskeygen] command to create a system key file.