Server.ssl.keystore.password in /usr/share/opensearch-dashboards/config/opensearch_dashboards.keystore not working

server.host: “0.0.0.0”
opensearch.hosts: [“https://localhost:9200”]
opensearch.username: “kibanaserver”
opensearch.ssl.certificateAuthorities: “/etc/ssl/certs/RCA.crt”
opensearch.password: “kibanaserver” #TODO this has to be read from the keystore but that is not working or atleast from the env

server.ssl.enabled: true
server.ssl.keystore.path: “/etc/opensearch-dashboards/test.p12”
server.ssl.keystore.password: ${HTTPS_CERT_PASSWORD} #TODO this needs to be read from the keystore, but facing some issues WIP

opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.enable_global: true
opensearch_security.multitenancy.tenants.enable_private: true

both opensearch.password and server.ssl.keystore.password works only when they are in the opensearch_dashboards.yml and not from the keystore

/usr/share/opensearch-dashboards/bin/opensearch-dashboards-keystore list
server.ssl.keystore.password

Hi @Venkat,

have you considered using environment variables?

something similar to:

best,
mj

Our depployment model is on-premise, and we don’t want our client administrators to check the passwords from the environment or the YAML files. We want to store passwords securely in the keystore so that the OpenSearch dashboard can read them and use them for OpenSearch search communication, as well as for using the SSL certificates. This feature is available in OpenSearch, Elasticsearch, and Kibana, but it seems to be missing in the OpenSearch dashboard.