Secure settings are permitted in elasticsearch.yml if also present in keystore
#109115
Assignees
Labels
>bug
:Core/Infra/Settings
Settings infrastructure and APIs
Team:Core/Infra
Meta label for core/infra team
Comments
|
Pinging @elastic/es-core-infra (Team:Core/Infra) |
alexey-ivanov-es
added a commit
to alexey-ivanov-es/elasticsearch
that referenced
this issue
Oct 28, 2024
Elasticsearch should refuse to start if a secure setting is defined in elasticsearch.yml, in order to protect users from accidentally putting their secrets in a place where they are unexpectedly visible Fixes elastic#109115
alexey-ivanov-es
added a commit
that referenced
this issue
Nov 4, 2024
* Don't allow secure settings in YML config (109115) Elasticsearch should refuse to start if a secure setting is defined in elasticsearch.yml, in order to protect users from accidentally putting their secrets in a place where they are unexpectedly visible Fixes #109115
jozala
pushed a commit
that referenced
this issue
Nov 13, 2024
* Don't allow secure settings in YML config (109115) Elasticsearch should refuse to start if a secure setting is defined in elasticsearch.yml, in order to protect users from accidentally putting their secrets in a place where they are unexpectedly visible Fixes #109115
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Elasticsearch should refuse to start if a secure setting is defined in
elasticsearch.yml, in order to protect users from accidentally putting their secrets in a place where they are unexpectedly visible. However, settings in the keystore apparently quietly override those inelasticsearch.yml, which means that if you put a secure setting in both places then Elasticsearch will use the one from the keystore and will totally ignore the one inelasticsearch.ymlinstead of refusing to start.The text was updated successfully, but these errors were encountered: