With the creation of the [keystore](https://github.com/elastic/beats/pulls/ph/5687) to obfuscate the secrets in the configuration we still have few things that can be done: ## Before 6.2 - ~~Check the permissions when filebeat is installed from packages, see https://github.com/elastic/elasticsearch/commit/7a035f5f8435962072157f46031e73855fe4a875~~ our beats run as root. ## After 6.2 - [ ] Allow user to use their custom password on the keystore #5737 - [ ] Allow the Keystore to be completely pluggable https://github.com/elastic/beats/issues/5832 - [ ] When we have more than one implementation of the Keystore move the the FileKeystore into his own package. - [ ] Refactor the config handling to use the `SecureString` type to hide the secrets until we really need them. - [ ] Refactor the writing to disk of file see #5755
With the creation of the keystore to obfuscate the secrets in the configuration we still have few things that can be done:
Before 6.2
Check the permissions when filebeat is installed from packages, see elastic/elasticsearch@7a035f5our beats run as root.After 6.2
SecureStringtype to hide the secrets until we really need them.