Docs: Add setup section for the keystore tool and secure settings (#22838)

Ryan Ernst 2017-01-30 14:56:45 -08:00 committed by GitHub
parent a4f6edec52
commit 003805e875
2 changed files with 67 additions and 0 deletions

@ -46,6 +46,8 @@ include::setup/configuration.asciidoc[]
include::setup/important-settings.asciidoc[]
include::setup/secure-settings.asciidoc[]
include::setup/bootstrap-checks.asciidoc[]
include::setup/sysconfig.asciidoc[]

@ -0,0 +1,65 @@
[[secure-settings]]
== Secure Settings
Some settings are sensitive, and relying on filesystem permissions to protect
their values is not sufficient. For this use case, elasticsearch provides a
keystore, which may be password protected, and the `elasticsearch-keystore`
tool to manage the settings in the keystore.
NOTE: All commands here should be run as the user which will run elasticsearch.
[float]
[[creating-keystore]]
=== Creating the keystore
To create the `elasticsearch.keystore`, use the `create` command:
[source,sh]
----------------------------------------------------------------
bin/elasticsearch-keystore create
----------------------------------------------------------------
The file `elasticsearch.keystore` will be created alongside `elasticsearch.yml`.
[float]
[[list-settings]]
=== Listing settings in the keystore
A list of the settings in the keystore is available with the `list` command:
[source,sh]
----------------------------------------------------------------
bin/elasticsearch-keystore list
----------------------------------------------------------------
[float]
[[add-string-to-keystore]]
=== Adding string settings
Sensitive string settings, like authentication credentials for cloud
plugins, can be adding using the `add` command:
[source,sh]
----------------------------------------------------------------
bin/elasticsearch-keystore add the.setting.name.to.set
----------------------------------------------------------------
The tool will prompt for the value of the setting. To pass the value
through stdin, use the `--stdin` flag:
[source,sh]
----------------------------------------------------------------
cat /file/containing/setting/value | bin/elasticsearch-keystore add --stdin the.setting.name.to.set
----------------------------------------------------------------
[float]
[[remove-settings]]
=== Removing settings
To remove a setting from the keystore, use the `remove` command:
[source,sh]
----------------------------------------------------------------
bin/elasticsearch-keystore remove the.setting.name.to.remove
----------------------------------------------------------------
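
Review bot: The introduction of the new secure-settings page says the keystore "may be password protected", but none of the sections that follow show how: the `create` example takes no option and mentions no prompt. Either document how the password is set and when the tool or the node asks for it, or drop the claim until the page can support it. In "Adding string settings", "can be adding using" should read "can be added using". The `--stdin` example reads the value from a plaintext file, which sits awkwardly beside the opening statement that filesystem permissions are not sufficient; say where that file is expected to come from and that it should be removed once the value is in the keystore. It would also help to state whether a running node picks up keystore changes or needs a restart, and what `add` does when the setting already exists.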