Watcher http input should be able to use keystore for auth credentials

[dougnelas]

xpack - alerting

When using the http input for watcher, the basic auth credentials should be able to use a keystore to prevent the credentials being stored as plain text in the watch. Users are recommended to add watches to a source code repo to be able to track changes over time. The current setting for securing sensitive data only encrypts these credentials when they are saved in the .watches index

[elasticmachine]

Pinging @elastic/es-core-infra

[ayushmathur86]

For ES 6.8.2, I've tried following the steps mentioned in https://www.elastic.co/guide/en/elastic-stack-overview/6.8/encrypting-data.html
The workaround was to enable encryption, create the watch and then GET watch -> store the encrypted password in repo.
However, the changes are taken into account only when you restart the node. But on restarting, the encryption key is lost in encryption_keystore and since it's required when xpack.watcher.encrypt_sensitive_data: true is set, the ES startup fails with NullPointer.

[runtman]

This is a must, I will have to add a workaround for us for these credentials using gitlab ci as I don't want passwords in source control.

[dakrone]

This has been open for quite a while, and hasn't had a lot of interest. For now I'm going to close this as something we aren't planning on implementing. We can re-open it later if needed.