Hide LDAP credentials in config file

Mantas · February 21, 2024, 10:36am

** On behalf of a user of Slack **

“Is there a way to use the keystore to store the ldap bind_dn passwords that you have to normally store unencrypted in the config.xml file? Elasticsearch has documentation it can do this but it’s using a different plugin for security.”

Mantas · February 21, 2024, 10:38am

Hi geg6439,

You could try using env variables, see here for more details:
Using environmental variables in Open Distro security plugin configuration - #2 by clsa

Best,
mj

greg6439 · February 22, 2024, 2:18am

This worked great
I am using docker so i set env variable BIND_PASSWORD
I then referenced this in config.yml with
password: ${env.BIND_PASSWORD}

Topic		Replies	Views
LDAP password keystore Open Source Elasticsearch and Kibana	4	1053	December 29, 2021
LDAP configuration and password hash Security	2	627	June 9, 2021
Need configuration mechanism for the Opendistro elasticsearch configuration for LDAP/AD authentication with out providing bind dn user in the /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml file Security	7	480	August 5, 2021
How i can hide password values in security backend Security configure , security-issue	1	186	February 15, 2024
Opensearch config Security	1	244	April 7, 2023

Hide LDAP credentials in config file

Related Topics