logstash的配置文件conf经常会涉及敏感信息,比如ES,mysql的账户密码等,以下使用logstash导入mysql为例子,加密隐藏mysql的密码。
1.先创建keystore,可以不设置keystore密码,直接选择y
bin/logstash-keystore create
conf目录下会出现logstash.keystore
2.创建你要加密的变量key,例如这里添加mysql的密码变量 MYSQL_PWD
bin/logstash-keystore add MYSQL_PWD
然后输入要添加的密码即可
3.logstash-keystore的其它命令
可以使用list命令
bin/logstash-keystore list #查看添加了哪些变量key
bin/logstash-keystore remove MYSQL_PWD #删除变量key
bin/logstash-keystore -h #查看帮助
4.使用这些已经加密的变量key
input
{
stdin
{
codec => json
}
}
output
{
jdbc
{
driver_jar_path => "/home/logstash-6.5.4/vendor/jar/jdbc/mysql-connector-java-5.1.47-bin.jar"
driver_class => "com.mysql.jdbc.Driver"
connection_string => "jdbc:mysql://10.43.212.46:3306/logstash?user=root&password=${MYSQL_PWD}"
statement => [ "INSERT INTO test (name,age) VALUES(?,?)", "name","age"]
}
}
这样就OK啦