Elastic Fleet-agent secrets vault

[cedricremmicom]

Description

Dynamic configurations of secrets in fleet integration by implementation of a secrets vault paradigm should allow to securely configure integration credentials and secret values on a per host/agent basis.

Use case

We are rolling out elastic-agent on a fleet of appliances installed at third parties. All of these appliances have their own sql server instance running and all of them have a unique set of credentials. To be able to monitor these we'd need to create a fleet-agent policy per host, each time with different sql credentials configured, which seems very inefficient. It would be preferable if the agent can request such credentials and secrets from a secrets vault using a unique api-key, limiting it's access to the secrets

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)