Read credentials from file in security config

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

2.11.1 running in Kubernetes (various versions from 1.23 to 1.27)

Describe the issue:

Is it somehow possible to get configuration values from files?

My use case: I “manage” all my infrastructure and applications “the GitOps way” using ArgoCD. This is especially useful, since I use it to bootstrap new clusters fast!

So all my configuration is in Git.

To add my login config (I use Keycloak OIDC for it), I need to provide the client name and client secret. But I don’t want to add it directly to Git, of course! So I tried the following:

    secure: true
  auth.type: openid
    connect_url: ...
    client_id: $(cat /run/secrets/oidc-client-credentials/id)
    client_secret: $(cat /run/secrets/oidc-client-credentials/secret)
    scope: openid profile email

That’s not working.

Is there a way to ge the id and secret from the files? I would prefer files directly, but Env variables would also be fine.

Thanks in advance!

Found out you can just use env variables, like


At least when using the Bitnami Helm chart (maybe this sets some config on the security shell script already).

Still it would be interesting, if there is a way to read them from files.

Leaving these two here for reference: