-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure plugin certificate too dangerous ? #68
Comments
I do agree. That's the reason I brought up #67. |
After trying to keep passwords/keys safe for luks/cryptsetup and other tools,
then it will flag azure plugin to prompt the user to enter a password to continue. This won't work if we expect ES to start automatically from a node My two cents. |
@pwli I think that we can now support this (not tested though) with elastic/elasticsearch#10918 cc @jaymode |
@dadoonet correct we should be able to support prompting for any setting in the elasticsearch.yml file starting with elasticsearch 1.6.0. Configuration details are documented here https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html#styles |
Closing as you could probably now use what @pwli suggested. Feel free to open a new issue in https://github.com/elastic/elasticsearch repo if it does not work as expected. |
Hi,
I have played with the azure plugin and am worried that the certificate
placed into Azure management pool can be very powerful. If a cracker
steals the password and keystore from the elasticsearch.yml, would they
be able to disrupt all the deployments from the same Azure subscription,
even if not related to elasticsearch ? E.g. they could use the keystore,
password to access the subscription fully and delete all the nodes ?
Is there a way to reduce the privilege of the uploaded certificates to
something safer ?
Thanks.
The text was updated successfully, but these errors were encountered: