OpenSearch/docs/reference/commands/syskeygen.asciidoc

54 lines
1.4 KiB
Plaintext
Raw Normal View History

[role="xpack"]
[testenv="gold+"]
[[syskeygen]]
== elasticsearch-syskeygen
The `elasticsearch-syskeygen` command creates a system key file in the
elasticsearch config directory.
[discrete]
=== Synopsis
[source,shell]
--------------------------------------------------
bin/elasticsearch-syskeygen
[-E <KeyValuePair>] [-h, --help]
([-s, --silent] | [-v, --verbose])
--------------------------------------------------
[discrete]
=== Description
The command generates a `system_key` file, which you can use to symmetrically
encrypt sensitive data. For example, you can use this key to prevent {watcher}
from returning and storing information that contains clear text credentials. See
<<encrypting-data>>.
IMPORTANT: The system key is a symmetric key, so the same key must be used on
every node in the cluster.
[discrete]
=== Parameters
`-E <KeyValuePair>`:: Configures a setting. For example, if you have a custom
installation of {es}, you can use this parameter to specify the `ES_PATH_CONF`
environment variable.
`-h, --help`:: Returns all of the command parameters.
`-s, --silent`:: Shows minimal output.
`-v, --verbose`:: Shows verbose output.
[discrete]
=== Examples
The following command generates a `system_key` file in the
default `$ES_HOME/config` directory:
[source, sh]
--------------------------------------------------
bin/elasticsearch-syskeygen
--------------------------------------------------