Enable Elasticsearch security features
editEnable Elasticsearch security features
editWhen you use the trial license, the Elasticsearch security features are disabled by default. To enable them:
-
Stop Kibana. The method for starting and stopping Kibana varies depending on
how you installed it. For example, if you installed Kibana from an archive
distribution (
.tar.gzor.zip), stop it by enteringCtrl-Con the command line. See Starting and stopping Kibana. -
Stop Elasticsearch. For example, if you installed Elasticsearch from an archive distribution,
enter
Ctrl-Con the command line. See Stopping Elasticsearch. -
Add the
xpack.security.enabledsetting to theES_PATH_CONF/elasticsearch.ymlfile.The
ES_PATH_CONFenvironment variable contains the path for the Elasticsearch configuration files. If you installed Elasticsearch using archive distributions (ziportar.gz), it defaults toES_HOME/config. If you used package distributions (Debian or RPM), it defaults to/etc/elasticsearch. For more information, see Configuring Elasticsearch.For example, add the following setting:
xpack.security.enabled: true
If you have a basic or trial license, the default value for this setting is
false. If you have a gold or higher license, the default value istrue. Therefore, it is a good idea to explicitly add this setting to avoid confusion about whether security features are enabled.
When you enable Elasticsearch security features, basic authentication is enabled by default. To communicate with the cluster, you must specify a username and password. Unless you enable anonymous access, all requests that don’t include a user name and password are rejected.
This tutorial involves a single node cluster, but if you had multiple nodes, you would enable Elasticsearch security features on every node in the cluster and configure Transport Layer Security (TLS) for internode-communication, which is beyond the scope of this tutorial.