- Observability: other versions:
- What is Elastic Observability?
- What’s new in 8.14
- Get started
- Observability AI Assistant
- Application performance monitoring (APM)
- Self manage APM Server
- Data Model
- Features
- Navigate the APM UI
- Perform common tasks in the APM UI
- Configure APM agents with central config
- Control access to APM data
- Create an alert
- Create and upload source maps (RUM)
- Create custom links
- Filter data
- Find transaction latency and failure correlations
- Identify deployment details for APM agents
- Integrate with machine learning
- Explore mobile sessions with Discover
- Observe Lambda functions
- Query your data
- Storage Explorer
- Track deployments with annotations
- OpenTelemetry integration
- Manage storage
- Configure
- Advanced setup
- Secure communication
- Monitor
- APM Server API
- APM UI API
- Troubleshoot
- Upgrade
- Release notes
- Known issues
- Log monitoring
- Infrastructure monitoring
- AWS monitoring
- Azure monitoring
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure projects
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Use Synthetics with traffic filters
- Migrate from the Elastic Synthetics integration
- Scale and architect a deployment
- Synthetics support matrix
- Synthetics Encryption and Security
- Troubleshooting
- Uptime monitoring
- Real user monitoring
- Universal Profiling
- Alerting
- Service-level objectives (SLOs)
- Cases
- CI/CD observability
- Troubleshooting
- Fields reference
- Tutorials
Secrets keystore for secure settings
editSecrets keystore for secure settings
editThe APM Server keystore only applies to the APM Server binary installation method.
When you configure APM Server, you might need to specify sensitive settings, such as passwords. Rather than relying on file system permissions to protect these values, you can use the APM Server keystore to securely store secret values for use in configuration settings.
After adding a key and its secret value to the keystore, you can use the key in place of the secret value when you configure sensitive settings.
The syntax for referencing keys is identical to the syntax for environment variables:
${KEY}
Where KEY is the name of the key.
For example, imagine that the keystore contains a key called ES_PWD with the
value yourelasticsearchpassword:
-
In the configuration file, use
output.elasticsearch.password: "${ES_PWD}" -
On the command line, use:
-E "output.elasticsearch.password=\${ES_PWD}"
When APM Server unpacks the configuration, it resolves keys before resolving environment variables and other variables.
Notice that the APM Server keystore differs from the Elasticsearch keystore.
Whereas the Elasticsearch keystore lets you store elasticsearch.yml values by
name, the APM Server keystore lets you specify arbitrary names that you can
reference in the APM Server configuration.
To create and manage keys, use the keystore command.
See the command reference for the full command syntax,
including optional flags.
The keystore command must be run by the same user who will run
APM Server.
Create a keystore
editTo create a secrets keystore, use:
apm-server keystore create
APM Server creates the keystore in the directory defined by the path.data
configuration setting.
Add keys
editTo store sensitive values, such as authentication credentials for Elasticsearch,
use the keystore add command:
apm-server keystore add ES_PWD
When prompted, enter a value for the key.
To overwrite an existing key’s value, use the --force flag:
apm-server keystore add ES_PWD --force
To pass the value through stdin, use the --stdin flag. You can also use
--force:
cat /file/containing/setting/value | apm-server keystore add ES_PWD --stdin --force
List keys
editTo list the keys defined in the keystore, use:
apm-server keystore list
Remove keys
editTo remove a key from the keystore, use:
apm-server keystore remove ES_PWD
On this page