Rotate auto-generated credentials
editRotate auto-generated credentials
editWhen deploying an Elastic Stack application, the operator generates a set of credentials essential for the operation of that application. For example, these generated credentials include the default elastic
user for Elasticsearch and the security token for APM Server.
To list all auto-generated credentials in a namespace, run the following command:
kubectl get secret -l eck.k8s.elastic.co/credentials=true
You can force the auto-generated credentials to be regenerated with new values by deleting the appropriate Secret. For example, to change the password for the elastic
user from the quickstart example, use the following command:
kubectl delete secret quickstart-es-elastic-user
If you are using the elastic
user credentials in your own applications, they will fail to connect to Elasticsearch and Kibana after you run this command. It is not recommended to use elastic
user credentials for production use cases. Always create your own users with restricted roles to access Elasticsearch.
To regenerate all auto-generated credentials in a namespace, run the following command:
kubectl delete secret -l eck.k8s.elastic.co/credentials=true
This command regenerates auto-generated credentials of all Elastic Stack applications in the namespace.