Dynamic configurations of secrets in fleet integration by implementation of a secrets vault paradigm should allow to securely configure integration credentials and secret values on a per host/agent basis.
Use case
We are rolling out elastic-agent on a fleet of appliances installed at third parties. All of these appliances have their own sql server instance running and all of them have a unique set of credentials. To be able to monitor these we'd need to create a fleet-agent policy per host, each time with different sql credentials configured, which seems very inefficient. It would be preferable if the agent can request such credentials and secrets from a secrets vault using a unique api-key, limiting it's access to the secrets
Description
Dynamic configurations of secrets in fleet integration by implementation of a secrets vault paradigm should allow to securely configure integration credentials and secret values on a per host/agent basis.
Use case
We are rolling out elastic-agent on a fleet of appliances installed at third parties. All of these appliances have their own sql server instance running and all of them have a unique set of credentials. To be able to monitor these we'd need to create a fleet-agent policy per host, each time with different sql credentials configured, which seems very inefficient. It would be preferable if the agent can request such credentials and secrets from a secrets vault using a unique api-key, limiting it's access to the secrets