Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 756e170674
Branches Tags
elasticsearch
/
docs
/
reference
/
setup
/
secure-settings.asciidoc

secure-settings.asciidoc 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. [[secure-settings]]
    2. 

  2. === Secure Settings
    3. 

  3. 

  4. Some settings are sensitive, and relying on filesystem permissions to protect
    5. 

  5. their values is not sufficient. For this use case, Elasticsearch provides a
    6. 

  6. keystore, which may be password protected, and the `elasticsearch-keystore`
    7. 

  7. tool to manage the settings in the keystore.
    8. 

  8. 

  9. NOTE: All commands here should be run as the user which will run Elasticsearch.
    10. 

  10. 

  11. NOTE: Only some settings are designed to be read from the keystore. See
    12. 

  12. documentation for each setting to see if it is supported as part of the keystore.
    13. 

  13. 

  14. NOTE: All the modifications to the keystore take affect only after restarting
    15. 

  15. Elasticsearch.
    16. 

  16. 

  17. [float]
    18. 

  18. [[creating-keystore]]
    19. 

  19. === Creating the keystore
    20. 

  20. 

  21. To create the `elasticsearch.keystore`, use the `create` command:
    22. 

  22. 

  23. [source,sh]
    24. 

  24. ----------------------------------------------------------------
    25. 

  25. bin/elasticsearch-keystore create
    26. 

  26. ----------------------------------------------------------------
    27. 

  27. 

  28. The file `elasticsearch.keystore` will be created alongside `elasticsearch.yml`.
    29. 

  29. 

  30. [float]
    31. 

  31. [[list-settings]]
    32. 

  32. === Listing settings in the keystore
    33. 

  33. 

  34. A list of the settings in the keystore is available with the `list` command:
    35. 

  35. 

  36. [source,sh]
    37. 

  37. ----------------------------------------------------------------
    38. 

  38. bin/elasticsearch-keystore list
    39. 

  39. ----------------------------------------------------------------
    40. 

  40. 

  41. [float]
    42. 

  42. [[add-string-to-keystore]]
    43. 

  43. === Adding string settings
    44. 

  44. 

  45. Sensitive string settings, like authentication credentials for cloud
    46. 

  46. plugins, can be added using the `add` command:
    47. 

  47. 

  48. [source,sh]
    49. 

  49. ----------------------------------------------------------------
    50. 

  50. bin/elasticsearch-keystore add the.setting.name.to.set
    51. 

  51. ----------------------------------------------------------------
    52. 

  52. 

  53. The tool will prompt for the value of the setting. To pass the value
    54. 

  54. through stdin, use the `--stdin` flag:
    55. 

  55. 

  56. [source,sh]
    57. 

  57. ----------------------------------------------------------------
    58. 

  58. cat /file/containing/setting/value | bin/elasticsearch-keystore add --stdin the.setting.name.to.set
    59. 

  59. ----------------------------------------------------------------
    60. 

  60. 

  61. [float]
    62. 

  62. [[remove-settings]]
    63. 

  63. === Removing settings
    64. 

  64. 

  65. To remove a setting from the keystore, use the `remove` command:
    66. 

  66. 

  67. [source,sh]
    68. 

  68. ----------------------------------------------------------------
    69. 

  69. bin/elasticsearch-keystore remove the.setting.name.to.remove
    70. 

  70. ----------------------------------------------------------------
    71. 

  71.