OpenSearch how to secure Sign-in / best practices

Hi,

We want to set up our Data Prepper properly and we are stuck on how to secure the login/password used in Data Prepper files.

In all samples, the login/password is hardcoded in the file but that seems not to be the right thing to do.

So what are the best practices around this?

Is there a way to use a certificate, or to set the login/password in a “secrets” under Docker but not in the config file?

Thanks,

Hi Vincent,

Thanks for your interest in Data Prepper. Data Prepper doesn’t support use of a certificate or use of Docker secrets to set the login/password for HTTP basic auth. I have opened a feature request: Read http basic auth username and password from secret manager · Issue #1929 · opensearch-project/data-prepper · GitHub.

Data Prepper has implemented HTTP basic authentication as an implementation of ArmeriaHttpAuthenticationProvider. If you have a custom implementation of HTTP auth, this can be implemented as a decorator similar to HttpBasicArmeriaHttpAuthenticationProvider.

Thanks!
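A workaround outside Data Prepper for the situation described above, as an added example that is not part of the original thread or of the Data Prepper project: render the pipeline file from a credential-free template at container start, reading the values from Docker secret files. The `@@secret:NAME@@` placeholder syntax, the secret names, and running this script from the container entrypoint before Data Prepper starts are assumptions made for the example.

```python
import json
import os
import re
from pathlib import Path

# Hypothetical placeholder syntax for this example; Data Prepper does not interpret it.
PLACEHOLDER = re.compile(r"@@secret:([A-Za-z0-9_-]+)@@")

# Constructed sample template: http source basic auth with no literal credentials.
SAMPLE_TEMPLATE = """\
log-pipeline:
  source:
    http:
      authentication:
        http_basic:
          username: @@secret:dp_http_user@@
          password: @@secret:dp_http_password@@
  sink:
    - stdout:
"""

def render_config(template, secrets_dir="/run/secrets"):
    """Replace each @@secret:NAME@@ with the content of <secrets_dir>/NAME."""
    def lookup(match):
        name = match.group(1)  # the regex allows no '/' or '.', so no path traversal
        path = Path(secrets_dir) / name
        if not path.is_file():
            # Fail closed: never start with a default or empty credential.
            raise KeyError(f"secret {name!r} not found in {secrets_dir}")
        value = path.read_text(encoding="utf-8").rstrip("\r\n")
        if not value:
            raise ValueError(f"secret {name!r} is empty")
        # A JSON string is a valid YAML double-quoted scalar, so ':', '#' and
        # '"' inside a password cannot change the structure of the file.
        return json.dumps(value)
    # A callable replacement is inserted literally (no backslash expansion).
    return PLACEHOLDER.sub(lookup, template)

def write_private(path, content):
    """Write the rendered file readable by its owner only (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tightens a pre-existing file
        fh.write(content)

if __name__ == "__main__":
    import sys  # usage: render.py <template file> <output pipeline file>
    template = Path(sys.argv[1]).read_text(encoding="utf-8")
    write_private(sys.argv[2], render_config(template))
```

The rendered file still contains the credentials in clear text, so write it to a tmpfs mount inside the container and keep it out of image layers and version control.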

Hi,

Thanks for the update. I put a comment in the “request” ticket to have some update on this. I hope we can have something to secure the sensitive information.