Skip to content

Commit 21708a4

Browse files
jrodewigjrodewig
committed
address review feedback
1 parent 26d80cc commit 21708a4

File tree

1 file changed

+22
-8
lines changed

1 file changed

+22
-8
lines changed

docs/reference/setup/install/docker.asciidoc

Lines changed: 22 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -407,10 +407,8 @@ instead. The command must:
407407
* Bind-mount the `config` directory. The command will create an
408408
`elasticsearch.keystore` file in this directory. To avoid errors, do
409409
not directly bind-mount the `elasticsearch.keystore` file.
410-
* Use the `elasticsearch-keystore` tool with the `create` option.
411-
* Provide a keystore password using the `KEYSTORE_PASSWORD` or
412-
`KEYSTORE_PASSWORD_FILE` environment variables. Alternatively, you can use
413-
`elasticsearch-keystore` tool's `-p` option to use a password prompt.
410+
* Use the `elasticsearch-keystore` tool with the `create -p` option. You'll be
411+
prompted to enter a password for the keystore.
414412

415413
ifeval::["{release-state}"!="unreleased"]
416414
For example:
@@ -420,12 +418,12 @@ For example:
420418
docker run -it --rm \
421419
-v full_path_to/config:/usr/share/elasticsearch/config \
422420
docker.elastic.co/elasticsearch/elasticsearch:{version} \
423-
bin/elasticsearch-keystore create \
424-
-E KEYSTORE_PASSWORD=mypassword
421+
bin/elasticsearch-keystore create -p
425422
----
426423

427424
You can also use a `docker run` command to add or update secure settings in the
428-
keystore. You'll receive a prompt to enter setting values.
425+
keystore. You'll be prompted to enter the setting values. If the keystore is
426+
encrypted, you'll also be prompted to enter the keystore password.
429427

430428
[source,sh,subs="attributes"]
431429
----
@@ -434,10 +432,26 @@ docker run -it --rm \
434432
docker.elastic.co/elasticsearch/elasticsearch:{version} \
435433
bin/elasticsearch-keystore \
436434
add my.secure.setting \
437-
my.other.secure.setting \
435+
my.other.secure.setting
438436
----
439437
endif::[]
440438

439+
If you've already created the keystore and don't need to update it, you can
440+
bind-mount the `elasticsearch.keystore` file directly. For example, you can
441+
add the following to `docker-compose.yml`:
442+
443+
[source,yaml]
444+
----
445+
elasticsearch:
446+
...
447+
volumes:
448+
...
449+
- type: bind
450+
source: full_path_to/config/elasticsearch.keystore
451+
target: /usr/share/elasticsearch/config/elasticsearch.keystore
452+
----
453+
454+
441455
[[_c_customized_image]]
442456
===== Using custom Docker images
443457
In some environments, it might make more sense to prepare a custom image that contains

0 commit comments

Comments
 (0)