honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-09 22:45:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/docs/en/watcher/encrypting-data.asciidoc
Alexander Reelsen 23b4368fe4 Docs: Fix encrypt watcher sensitive data documentation (elastic/x-pack-elasticsearch#4198) 
The documentation mentions that the xpack.watcher.encrypt_sensitive_data
setting needs to be set in the keystore. This is wrong however, it needs
to be set in the standard elasticsearch yaml file.

relates elastic/x-pack-elasticsearch#4195


Original commit: elastic/x-pack-elasticsearch@613d63da85
2018-03-22 18:57:31 +01:00

50 lines
1.5 KiB
Plaintext
Raw Blame History

[[encrypting-data]]
== Encrypting Sensitive Data in {watcher}
Watches might have access to sensitive data such as HTTP basic authentication
information or details about your SMTP email service. You can encrypt this
data by generating a key and adding some secure settings on each node in your
cluster.
To encrypt sensitive data in {watcher}:
. Use the {ref}/syskeygen.html[syskeygen] command to create a system key file.
. Copy the `system_key` file to all of the nodes in your cluster.
+
--
IMPORTANT: The system key is a symmetric key, so the same key must be used on
every node in the cluster.
--
. Set the
{ref}/notification-settings.html[`xpack.watcher.encrypt_sensitive_data` setting]:
+
--
[source,sh]
----------------------------------------------------------------
xpack.watcher.encrypt_sensitive_data: true
----------------------------------------------------------------
--
. Set the
{ref}/notification-settings.html[`xpack.watcher.encryption_key` setting] in the
{ref}/secure-settings.html[{es} keystore] on each node in the cluster.
+
--
For example, run the following command to import the `system_key` file on
each node:
[source,sh]
----------------------------------------------------------------
bin/elasticsearch-keystore add-file xpack.watcher.encryption_key <filepath>/system_key
----------------------------------------------------------------
--
. Delete the `system_key` file on each node in the cluster.
NOTE: Existing watches are not affected by these changes. Only watches that you
create after following these steps have encryption enabled.
Reference in New Issue View Git Blame Copy Permalink