diff --git a/salt/elasticsearch/auth.sls b/salt/elasticsearch/auth.sls
index 748e50d0b..9bca61e01 100644
--- a/salt/elasticsearch/auth.sls
+++ b/salt/elasticsearch/auth.sls
@@ -7,6 +7,8 @@
 elastic_auth_pillar:
   file.managed:
     - name: /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
+    - mode 600
+    - reload_pillar: True
     - contents: |
         elasticsearch:
           auth:
diff --git a/salt/elasticsearch/files/curl.config.template b/salt/elasticsearch/files/curl.config.template
new file mode 100644
index 000000000..14f5a2a1d
--- /dev/null
+++ b/salt/elasticsearch/files/curl.config.template
@@ -0,0 +1 @@
+user = "{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user') }}:{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass') }}"
\ No newline at end of file
diff --git a/salt/manager/init.sls b/salt/manager/init.sls
index 9ae39e9a8..ca47af34f 100644
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -110,8 +110,9 @@ strelka_yara_update:
 elastic_curl_config_distributed:
   file.managed:
     - name: /opt/so/saltstack/local/salt/elasticsearch/curl.config
+    - source: salt://elasticsearch/files/curl.config.template
+    - template: jinja
     - mode: 600
-    - contents: user = "{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user') }}:{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass') }}"
     - show_changes: False
 
 # Must run before elasticsearch docker container is started!