Docs: Add setup section for the keystore tool and secure settings (#22838)

Ryan Ernst, 8 years ago
commit 003805e875
2 changed files with 67 additions and 0 deletions
  1. docs/reference/setup.asciidoc (+2, -0)
  2. docs/reference/setup/secure-settings.asciidoc (+65, -0)

+ 2 - 0
docs/reference/setup.asciidoc

@@ -46,6 +46,8 @@ include::setup/configuration.asciidoc[]
 
 include::setup/important-settings.asciidoc[]
 
+include::setup/secure-settings.asciidoc[]
+
 include::setup/bootstrap-checks.asciidoc[]
 
 include::setup/sysconfig.asciidoc[]

+ 65 - 0
docs/reference/setup/secure-settings.asciidoc

@@ -0,0 +1,65 @@
+[[secure-settings]]
+== Secure Settings
+
+Some settings are sensitive, and relying on filesystem permissions to protect
+their values is not sufficient. For this use case, elasticsearch provides a
+keystore, which may be password protected, and the `elasticsearch-keystore`
+tool to manage the settings in the keystore.
+
+NOTE: All commands here should be run as the user which will run elasticsearch.
+
+[float]
+[[creating-keystore]]
+=== Creating the keystore
+
+To create the `elasticsearch.keystore`, use the `create` command:
+
+[source,sh]
+----------------------------------------------------------------
+bin/elasticsearch-keystore create
+----------------------------------------------------------------
+
+The file `elasticsearch.keystore` will be created alongside `elasticsearch.yml`.
+
+[float]
+[[list-settings]]
+=== Listing settings in the keystore
+
+A list of the settings in the keystore is available with the `list` command:
+
+[source,sh]
+----------------------------------------------------------------
+bin/elasticsearch-keystore list 
+----------------------------------------------------------------
+
+[float]
+[[add-string-to-keystore]]
+=== Adding string settings
+
+Sensitive string settings, like authentication credentials for cloud
+plugins, can be adding using the `add` command:
+
+[source,sh]
+----------------------------------------------------------------
+bin/elasticsearch-keystore add the.setting.name.to.set
+----------------------------------------------------------------
+
+The tool will prompt for the value of the setting. To pass the value
+through stdin, use the `--stdin` flag:
+
+[source,sh]
+----------------------------------------------------------------
+cat /file/containing/setting/value | bin/elasticsearch-keystore add --stdin the.setting.name.to.set
+----------------------------------------------------------------
+
+[float]
+[[remove-settings]]
+=== Removing settings
+
+To remove a setting from the keystore, use the `remove` command:
+
+[source,sh]
+----------------------------------------------------------------
+bin/elasticsearch-keystore remove the.setting.name.to.remove
+----------------------------------------------------------------
+
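Review bot: The opening paragraph says the keystore "may be password protected", but none of the four sections (create, list, add, remove) shows how a password is set or supplied, so a reader cannot act on that claim; either document it under "Creating the keystore" or drop the phrase until the docs cover it. In "Adding string settings", the `--stdin` example pipes the value from `/file/containing/setting/value`, which leaves the secret in a plain file protected only by the filesystem permissions the introduction calls insufficient; add a sentence telling the reader to restrict and then delete that file once the setting is stored. The NOTE about running the commands as the user that runs elasticsearch would be more useful with its reason stated (presumably so that the created `elasticsearch.keystore` is owned and readable by that user). Smaller points: "can be adding using" should read "can be added using", the `bin/elasticsearch-keystore list ` line has a trailing space, and "elasticsearch" should be capitalised as the product name in the prose.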