Using Vault ensures that your Elasticsearch password will be encrypted in the database. If you do not use Vault, your Elasticsearch password will be saved as clear text.
-
Install Vault.
-
Open a command line interface and launch Vault using the following command:
vault server -dev -dev-root-token-id root
-
Add the environment variable:
export VAULT_ADDR='http://127.0.0.1:8200'
-
Enable transit using the following command:
vault secrets enable transit
-
Create an encryption key ring called rms using the following command:
vault write -f transit/keys/rms
-
Create a policy file with a .hcl extension with the following content:
path "transit/encrypt/rms" {
  capabilities = [ "update" ]
}
path "transit/decrypt/rms" {
  capabilities = [ "update" ]
}
-
Run the following command:
vault policy write app-rms <filename>.hcl
-
Create a token with the app-rms policy attached using the following command:
vault token create -policy=app-rms
-
Record the token value.
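
To confirm that the recorded token works and is limited to what the policy grants, the following check can be run. It is an added example, not part of the original procedure. It assumes the Vault server from the steps above is still running, VAULT_ADDR is exported, and VAULT_TOKEN is set to the recorded token; the script name, function names and sample value are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify the app-rms token against the transit key "rms".
# Assumes VAULT_ADDR is exported and VAULT_TOKEN holds the recorded token.

# transit/encrypt expects the plaintext field to be base64-encoded.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Encrypt, then decrypt, a value; prints the recovered plaintext on success.
transit_roundtrip() {
  ct=$(vault write -field=ciphertext transit/encrypt/rms \
         plaintext="$(b64 "$1")") || return 1
  # Transit ciphertext carries the key version, e.g. vault:v1:...
  case "$ct" in
    vault:v*) ;;
    *) echo "unexpected ciphertext format" >&2; return 1 ;;
  esac
  pt=$(vault write -field=plaintext transit/decrypt/rms \
         ciphertext="$ct") || return 1
  printf '%s' "$pt" | base64 -d
}

# The policy grants only "update" on the encrypt and decrypt paths, so
# reading the key's metadata with this token must be denied.
token_is_scoped() {
  ! vault read transit/keys/rms >/dev/null 2>&1
}

# Run the checks only when called as: ./check-rms-token.sh --run
# (hypothetical script name)
if [ "${1:-}" = "--run" ]; then
  sample='constructed-sample-value'   # constructed test value, not a real password
  [ "$(transit_roundtrip "$sample")" = "$sample" ] \
    && echo "round-trip OK" || echo "round-trip FAILED"
  token_is_scoped \
    && echo "token is limited to encrypt/decrypt" \
    || echo "token can read transit/keys/rms: wrong token or policy"
fi
```

If the second check fails, the token in VAULT_TOKEN is most likely the root token rather than the one created with the app-rms policy.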