Sean Lathan

Planned

When editing the Elasticsearch details page in Ploi, clicking the save button seems to completely overwrite the elasticsearch.yml file with only the attributes found on the details page. This causes deletion of all other attributes that have been added manually via terminal, such as the very critical xpack.security.enabled: true.

Since there is no confirmation popup when saving server details, it can be quite easy to click save by accident, or without knowing the security implications of doing so. Thus, the potential for accidentally removing all security from the Elasticsearch node and leaving it wide open for anyone to have full read/write access to is very high.

The preferred behavior would be keeping manually added attributes, especially critical security attributes that can lead to a data breach. An additional "nice to have" would be a field for xpack.security.enabled on the details page.

Saving Elasticsearch Details Overwrites Custom Attributes - Security Vulnerability

1 total vote
Sean Lathan
  • Dennis moved item to board Planned

    23 hours ago
  • Sean Lathan moved item to project Server Level Requests

    2 days ago
  • Sean Lathan created the item

    2 days ago
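
The merge-instead-of-overwrite behavior requested above, with a check that flags settings lost on save, as an added example (not Ploi's code and not part of the original post). It assumes flat `dotted.key: value` lines as written in the post; the panel-managed keys and the sample file contents are constructed for illustration.

```python
import re

# Assumption: settings are flat "dotted.key: value" lines, the style used in the post.
# Indented (nested YAML) lines and comments do not match and are passed through untouched.
KEY_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*:\s*(.*)$")

# Constructed sample of a file that was hardened by hand over SSH.
EXISTING = """# constructed sample
cluster.name: demo
network.host: 127.0.0.1
xpack.security.enabled: true
"""
# Hypothetical values submitted from a details page.
PANEL = {"cluster.name": "prod-search", "http.port": "9200"}

def overwrite(panel_values):
    """The behavior reported in the post: the file becomes only the panel keys."""
    return "".join(f"{k}: {v}\n" for k, v in panel_values.items())

def merge_settings(existing_text, panel_values):
    """Update only the keys the panel manages; keep every other line as-is."""
    pending = dict(panel_values)
    out = []
    for line in existing_text.splitlines():
        m = KEY_RE.match(line)
        if m and m.group(1) in pending:
            out.append(f"{m.group(1)}: {pending.pop(m.group(1))}")
        else:
            out.append(line)  # comments, blanks, manually added keys
    out.extend(f"{k}: {v}" for k, v in pending.items())  # keys new to the file
    return "\n".join(out) + "\n"

def parse_flat(text):
    """Return {key: value} for top-level flat settings, ignoring trailing comments."""
    settings = {}
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).split(" #")[0].strip()
    return settings

def lost_keys(before_text, after_text):
    """Keys present before a save and missing afterwards."""
    return sorted(set(parse_flat(before_text)) - set(parse_flat(after_text)))

def security_enabled(text):
    """True only when xpack.security.enabled is explicitly set to true."""
    return parse_flat(text).get("xpack.security.enabled", "").lower() == "true"
```

Running `lost_keys` on the file before and after a save, and refusing the write (or asking for confirmation) when the result is non-empty or `security_enabled` flips to false, covers the accidental-save case described in the post.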