Hello,
Can anybody give me a hint how keytools and keystores work? And what is the difference between them?
I would like to store the password for Logstash connecting to OpenSearch and for my own scripts that control, monitor and cross-cluster replicate data, but in my scripts I have passwords in plain text, too.
Java includes the keytool utility in its releases. We use it to manage keys and certificates and store them in a keystore. The keytool command allows us to create self-signed certificates and show information about the keystore.
Keystore
A keystore can be a repository where private keys, certificates and symmetric keys can be stored. This is typically a file, but the storage can also be handled in different ways.
Example:
Change the default password for the Java CAcert store. The default password is changeit.
Normally, when creating self-signed certs using openssl, it will ask for a passphrase; this would be the password needed. Or, if the application needs to access the keystore, this would be the password used and shown above.
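An added example, not part of the original reply: the keytool operations described above (create a keystore holding a self-signed certificate, show its contents, change the store password), run against a throwaway PKCS12 keystore instead of the real Java store. The file name, the alias `demo` and both passwords are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: keytool on a throwaway PKCS12 keystore.
# Alias, file name and passwords are constructed for this demo.
# Passwords come from exported variables via the ":env" modifier,
# so they never appear in the argument list.

create_keystore() {   # $1 = keystore path, password in $KS_PASS
  keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=demo.example.invalid" -storetype PKCS12 -keystore "$1" \
    -storepass:env KS_PASS -keypass:env KS_PASS >/dev/null 2>&1
}

list_aliases() {      # prints the alias of every private-key entry
  keytool -list -keystore "$1" -storepass:env KS_PASS 2>/dev/null |
    sed -n 's/^\([^,]*\), .*PrivateKeyEntry.*/\1/p'
}

can_open() {          # succeeds only if $KS_PASS unlocks the keystore
  keytool -list -keystore "$1" -storepass:env KS_PASS >/dev/null 2>&1
}

rotate_password() {   # old password in $KS_PASS, new one in $KS_NEW
  keytool -storepasswd -keystore "$1" \
    -storepass:env KS_PASS -new:env KS_NEW >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d) || return 1
  ks="$dir/demo.p12"
  export KS_PASS='changeit' KS_NEW='constructed-Demo-Pass-1'
  rc=1
  if create_keystore "$ks" &&
     [ "$(list_aliases "$ks")" = "demo" ] &&
     rotate_password "$ks" &&
     ! can_open "$ks"; then          # old password is now rejected
    KS_PASS=$KS_NEW
    can_open "$ks" && rc=0           # new password is accepted
  fi
  rm -rf "$dir"
  return "$rc"
}

# Run the walk-through when a JDK is on the PATH.
if command -v keytool >/dev/null 2>&1; then
  demo && echo "keystore created, listed and re-keyed"
fi
```

The same `-storepasswd` call works on any keystore file keytool can read, given its path and current password.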
I got requirements to ship data to OpenSearch with 2FA (USR/PWD + OTP) or certificates.
I know that I can ship data to OpenSearch with user/password and cacert, but I think it won't be secure enough.
Can Logstash connect with certificate authentication? Connect by Cert/Key and Cacert validation?
Then I can store these certs in a keystore.