Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: e4fd8485ce
Branches Tags
elasticsearch
/
docs
/
reference
/
setup
/
secure-settings.asciidoc

secure-settings.asciidoc 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. [[secure-settings]]
    2. 

  2. == Secure Settings
    3. 

  3. 

  4. Some settings are sensitive, and relying on filesystem permissions to protect
    5. 

  5. their values is not sufficient. For this use case, elasticsearch provides a
    6. 

  6. keystore, which may be password protected, and the `elasticsearch-keystore`
    7. 

  7. tool to manage the settings in the keystore.
    8. 

  8. 

  9. NOTE: All commands here should be run as the user which will run elasticsearch.
    10. 

  10. 

  11. [float]
    12. 

  12. [[creating-keystore]]
    13. 

  13. === Creating the keystore
    14. 

  14. 

  15. To create the `elasticsearch.keystore`, use the `create` command:
    16. 

  16. 

  17. [source,sh]
    18. 

  18. ----------------------------------------------------------------
    19. 

  19. bin/elasticsearch-keystore create
    20. 

  20. ----------------------------------------------------------------
    21. 

  21. 

  22. The file `elasticsearch.keystore` will be created alongside `elasticsearch.yml`.
    23. 

  23. 

  24. [float]
    25. 

  25. [[list-settings]]
    26. 

  26. === Listing settings in the keystore
    27. 

  27. 

  28. A list of the settings in the keystore is available with the `list` command:
    29. 

  29. 

  30. [source,sh]
    31. 

  31. ----------------------------------------------------------------
    32. 

  32. bin/elasticsearch-keystore list 
    33. 

  33. ----------------------------------------------------------------
    34. 

  34. 

  35. [float]
    36. 

  36. [[add-string-to-keystore]]
    37. 

  37. === Adding string settings
    38. 

  38. 

  39. Sensitive string settings, like authentication credentials for cloud
    40. 

  40. plugins, can be added using the `add` command:
    41. 

  41. 

  42. [source,sh]
    43. 

  43. ----------------------------------------------------------------
    44. 

  44. bin/elasticsearch-keystore add the.setting.name.to.set
    45. 

  45. ----------------------------------------------------------------
    46. 

  46. 

  47. The tool will prompt for the value of the setting. To pass the value
    48. 

  48. through stdin, use the `--stdin` flag:
    49. 

  49. 

  50. [source,sh]
    51. 

  51. ----------------------------------------------------------------
    52. 

  52. cat /file/containing/setting/value | bin/elasticsearch-keystore add --stdin the.setting.name.to.set
    53. 

  53. ----------------------------------------------------------------
    54. 

  54. 

  55. [float]
    56. 

  56. [[remove-settings]]
    57. 

  57. === Removing settings
    58. 

  58. 

  59. To remove a setting from the keystore, use the `remove` command:
    60. 

  60. 

  61. [source,sh]
    62. 

  62. ----------------------------------------------------------------
    63. 

  63. bin/elasticsearch-keystore remove the.setting.name.to.remove
    64. 

  64. ----------------------------------------------------------------
    65. 

  65.