Skip to content

Don't allow secure settings in YML config (109115)#115779

Merged
alexey-ivanov-es merged 3 commits intoelastic:mainfrom
alexey-ivanov-es:fix/109115
Nov 4, 2024
Merged

Don't allow secure settings in YML config (109115)#115779
alexey-ivanov-es merged 3 commits intoelastic:mainfrom
alexey-ivanov-es:fix/109115

Conversation

@alexey-ivanov-es
Copy link
Contributor

@alexey-ivanov-es alexey-ivanov-es commented Oct 28, 2024

Elasticsearch should refuse to start
if a secure setting is defined in elasticsearch.yml, in order to protect users from accidentally putting their secrets in a place where they are unexpectedly visible

Fixes #109115
@alexey-ivanov-es
Don't allow secure settings in YML config (109115)
7719118 
Elasticsearch should refuse to start
if a secure setting is defined in elasticsearch.yml,
in order to protect users from accidentally putting their secrets
in a place where they are unexpectedly visible

Fixes elastic#109115
@alexey-ivanov-es alexey-ivanov-es added >bug :Core/Infra/Settings Settings infrastructure and APIs v9.0.0 labels Oct 28, 2024
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Oct 28, 2024

Hi @alexey-ivanov-es, I've created a changelog YAML for you.
@alexey-ivanov-es alexey-ivanov-es requested a review from a team October 28, 2024 18:01
@alexey-ivanov-es alexey-ivanov-es marked this pull request as ready for review October 28, 2024 18:01
@elasticsearchmachine elasticsearchmachine added the Team:Core/Infra Meta label for core/infra team label Oct 28, 2024
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Oct 28, 2024

Pinging @elastic/es-core-infra (Team:Core/Infra)
prdoyle
prdoyle approved these changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@prdoyle prdoyle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems straightforward
DaveCTurner
DaveCTurner previously requested changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@DaveCTurner DaveCTurner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hang on, I think this is a breaking change, we need to clear it with the breaking changes committee first and document it as breaking. I suspect we should be emitting warnings in 8.x as well to help folks avoid the problem before it actually takes effect.
@alexey-ivanov-es
Copy link
Contributor Author

alexey-ivanov-es commented Nov 4, 2024

@DaveCTurner I discussed this with @rjernst and he said: "I confirmed that we are ok to proceed with the above change. it's an edge case which is in a gray area we shouldn't need an explicit breaking change issue for."
@DaveCTurner DaveCTurner dismissed their stale review November 4, 2024 16:05

overruled :)

@DaveCTurner
Copy link
Contributor

DaveCTurner commented Nov 4, 2024

Ok carry on then.
@alexey-ivanov-es alexey-ivanov-es merged commit de9851a into elastic:main Nov 4, 2024
@alexey-ivanov-es alexey-ivanov-es deleted the fix/109115 branch November 4, 2024 16:29
jozala pushed a commit that referenced this pull request Nov 13, 2024
@alexey-ivanov-es @jozala
Don't allow secure settings in YML config (109115) (#115779)
06a3036 
* Don't allow secure settings in YML config (109115)

Elasticsearch should refuse to start
if a secure setting is defined in elasticsearch.yml,
in order to protect users from accidentally putting their secrets
in a place where they are unexpectedly visible

Fixes #109115
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

>bug :Core/Infra/Settings Settings infrastructure and APIs Team:Core/Infra Meta label for core/infra team v9.0.0

4 participants

@alexey-ivanov-es @elasticsearchmachine @DaveCTurner @prdoyle