Docs: Clarify password protection support with keystore (elastic#28157)

rjernst · rjernst · commit 7d99d36f85ca · 2018-01-09T15:05:13.000-08:00
closes elastic#27932
diff --git a/docs/reference/setup/secure-settings.asciidoc b/docs/reference/setup/secure-settings.asciidoc
@@ -2,15 +2,20 @@
 == Secure Settings
 
 Some settings are sensitive, and relying on filesystem permissions to protect
-their values is not sufficient. For this use case, elasticsearch provides a
-keystore, which may be password protected, and the `elasticsearch-keystore`
-tool to manage the settings in the keystore.
+their values is not sufficient. For this use case, Elasticsearch provides a
+keystore and the `elasticsearch-keystore` tool to manage the settings in the keystore.
 
 NOTE: All commands here should be run as the user which will run elasticsearch.
 
 NOTE: Only some settings are designed to be read from the keystore. See
 documentation for each setting to see if it is supported as part of the keystore.
 
+NOTE: All the modifications to the keystore take affect only after restarting
+Elasticsearch.
+
+NOTE: The elasticsearch keystore currently only provides obfuscation. In the future,
+password protection will be added.
+
 [float]
 [[creating-keystore]]
 === Creating the keystore
