Kibana.yml elasticsearch username and password

I’m setting up OpenDistro Kibana and Elasticsearch, but my Config files/Code will be in a company wide code repository.

Because of this I don’t want plaintext (or even hashed) username/password combos in our config files.

The kibana.yml file requires the following be set for Kibana to access ES

elasticsearch.username: “admin”
elasticsearch.password: “admin”

Is there a way to modify this to allow a cert file?

Hello, I think that you can use a truststore here is a link that may help you https://opendistro.github.io/for-elasticsearch-docs/docs/security/security-admin/#using-securityadmin-with-keystore-and-truststore-files

Use configuration management tool to encrypt the password. AES-256 encrypted data can be stored in repository.

With Ansible the variables are encrypted with vault, and I’m pretty sure encryption can be applied with Chef databags or Puppet Hiera.
I already implemented encrypted passwords feature here: GitHub - rt711/opendistro-for-elasticsearch-ansible: OpenDistro for ElasticSearch Ansible deployment