In the realm of containerized environments and Kubernetes, securing sensitive information while maintaining observability is paramount. Metricbeat, with its autodiscover feature, provides a flexible solution for monitoring dynamic Kubernetes workloads by adapting configurations as services change. It offers two strategies: template-based and hints-based autodiscover, allowing users to set up monitoring with minimal permissions. However, securing credentials remains a challenge, especially when services require authentication. To address this, Metricbeat introduces the keystore feature, enabling secure storage of passwords, thus avoiding plain text or environment variables. While template-based autodiscover can utilize the Metricbeat keystore, hints-based autodiscover requires the Kubernetes Secrets Keystore, which allows consumption of Kubernetes secrets directly in configurations, ensuring sensitive information is kept secure within the same namespace. This approach enhances security by preventing password exposure and enables secure connections for autodiscovered workloads, with Elasticsearch Service on Elastic Cloud providing an additional layer of security.