Encrypt / secure Elasticsearch's password in logstash.conf file

Depending on which version of Elasticsearch you're using you may find the secure keystore functionality to be useful. I had a similar requirement to not include a plaintext password in a configuration file, and the keystore filled that requirement perfectly. Check out https://www.elastic.co/guide/en/logstash/6.3/keystore.html

From the link:

When you configure Logstash, you might need to specify sensitive settings or configuration, such as passwords. Rather than relying on file system permissions to protect these values, you can use the Logstash keystore to securely store secret values for use in configuration settings.

After adding a key and its secret value to the keystore, you can use the key in place of the secret value when you configure sensitive settings.

The syntax for referencing keys is identical to the syntax for environment variables:

${KEY}

Where KEY is the name of the key.

For example, imagine that the keystore contains a key called ES_PWD with the value yourelasticsearchpassword:

• In configuration files, use: output { elasticsearch {...password => "${ES_PWD}" } } }

• In logstash.yml, use: xpack.management.elasticsearch.password: ${ES_PWD}

If anyone looking for answer of same question then elasticsearch x-pack supports PKI based authentication, you just need to enable PKI authentication on elasticsearch , using this linkand then update elasticsearch's output in logstash.conf to use PKI authentication, using this link.You can do same for kibana also.