WARNING: Version 5.5 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Secure Settings
editSecure Settings
editSome settings are sensitive, and relying on filesystem permissions to protect
their values is not sufficient. For this use case, elasticsearch provides a
keystore, which may be password protected, and the elasticsearch-keystore
tool to manage the settings in the keystore.
All commands here should be run as the user which will run elasticsearch.
Only some settings are designed to be read from the keystore. See documentation for each setting to see if it is supported as part of the keystore.
Creating the keystore
editTo create the elasticsearch.keystore
, use the create
command:
bin/elasticsearch-keystore create
The file elasticsearch.keystore
will be created alongside elasticsearch.yml
.
Listing settings in the keystore
editA list of the settings in the keystore is available with the list
command:
bin/elasticsearch-keystore list
Adding string settings
editSensitive string settings, like authentication credentials for cloud
plugins, can be added using the add
command:
bin/elasticsearch-keystore add the.setting.name.to.set
The tool will prompt for the value of the setting. To pass the value
through stdin, use the --stdin
flag:
cat /file/containing/setting/value | bin/elasticsearch-keystore add --stdin the.setting.name.to.set
Removing settings
editTo remove a setting from the keystore, use the remove
command:
bin/elasticsearch-keystore remove the.setting.name.to.remove