diff --git a/packages/kbn-es/src/settings.test.ts b/packages/kbn-es/src/settings.test.ts
index 847d582d56d80..2eeef1e09a375 100644
--- a/packages/kbn-es/src/settings.test.ts
+++ b/packages/kbn-es/src/settings.test.ts
@@ -14,6 +14,7 @@ const mockSettings = [
   'xpack.security.authc.realms.oidc.oidc1.rp.client_secret=secret',
   'xpack.security.authc.realms.oidc.oidc1.rp.client_id=client id',
   'xpack.security.authc.realms.jwt.jwt1.client_authentication.shared_secret=jwt_secret',
+  'xpack.security.http.ssl.keystore.secure_password=some_password',
   'discovery.type=single-node',
 ];
 
@@ -23,6 +24,7 @@ test('`parseSettings` parses and returns all settings by default', () => {
     ['xpack.security.authc.realms.oidc.oidc1.rp.client_secret', 'secret'],
     ['xpack.security.authc.realms.oidc.oidc1.rp.client_id', 'client id'],
     ['xpack.security.authc.realms.jwt.jwt1.client_authentication.shared_secret', 'jwt_secret'],
+    ['xpack.security.http.ssl.keystore.secure_password', 'some_password'],
     ['discovery.type', 'single-node'],
   ]);
 });
@@ -33,6 +35,7 @@ test('`parseSettings` parses and returns all settings with `SettingsFilter.All`
     ['xpack.security.authc.realms.oidc.oidc1.rp.client_secret', 'secret'],
     ['xpack.security.authc.realms.oidc.oidc1.rp.client_id', 'client id'],
     ['xpack.security.authc.realms.jwt.jwt1.client_authentication.shared_secret', 'jwt_secret'],
+    ['xpack.security.http.ssl.keystore.secure_password', 'some_password'],
     ['discovery.type', 'single-node'],
   ]);
 });
@@ -41,6 +44,7 @@ test('`parseSettings` parses and returns only secure settings with `SettingsFilt
   expect(parseSettings(mockSettings, { filter: SettingsFilter.SecureOnly })).toEqual([
     ['xpack.security.authc.realms.oidc.oidc1.rp.client_secret', 'secret'],
     ['xpack.security.authc.realms.jwt.jwt1.client_authentication.shared_secret', 'jwt_secret'],
+    ['xpack.security.http.ssl.keystore.secure_password', 'some_password'],
   ]);
 });
 
diff --git a/packages/kbn-es/src/settings.ts b/packages/kbn-es/src/settings.ts
index 845ff36a5c070..91ce33c98c01f 100644
--- a/packages/kbn-es/src/settings.ts
+++ b/packages/kbn-es/src/settings.ts
@@ -13,6 +13,7 @@
 const SECURE_SETTINGS_LIST = [
   /^xpack\.security\.authc\.realms\.oidc\.[a-zA-Z0-9_]+\.rp\.client_secret$/,
   /^xpack\.security\.authc\.realms\.jwt\.[a-zA-Z0-9_]+\.client_authentication\.shared_secret$/,
+  /^xpack\.security\.http\.ssl\.keystore\.secure_password$/,
 ];
 
 function isSecureSetting(settingName: string) {
diff --git a/test/interactive_setup_api_integration/enrollment_flow.config.ts b/test/interactive_setup_api_integration/enrollment_flow.config.ts
index 75f4dcf624de0..54c562d6bb2c0 100644
--- a/test/interactive_setup_api_integration/enrollment_flow.config.ts
+++ b/test/interactive_setup_api_integration/enrollment_flow.config.ts
@@ -38,7 +38,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         ...manualConfigurationFlowTestsConfig.get('esTestCluster.serverArgs'),
         'xpack.security.enrollment.enabled=true',
         `xpack.security.http.ssl.keystore.path=${caPath}`,
-        'xpack.security.http.ssl.keystore.password=storepass',
+        'xpack.security.http.ssl.keystore.secure_password=storepass',
       ],
     },
 
diff --git a/test/interactive_setup_functional/enrollment_token.config.ts b/test/interactive_setup_functional/enrollment_token.config.ts
index 6e39cf2ef0351..b3e3d8150a382 100644
--- a/test/interactive_setup_functional/enrollment_token.config.ts
+++ b/test/interactive_setup_functional/enrollment_token.config.ts
@@ -41,7 +41,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         ...manualConfigurationConfig.get('esTestCluster.serverArgs'),
         'xpack.security.enrollment.enabled=true',
         `xpack.security.http.ssl.keystore.path=${caPath}`,
-        'xpack.security.http.ssl.keystore.password=storepass',
+        'xpack.security.http.ssl.keystore.secure_password=storepass',
       ],
     },