diff --git a/elasticsearch/qa/shield-audit-tests/build.gradle b/elasticsearch/qa/audit-tests/build.gradle
similarity index 100%
rename from elasticsearch/qa/shield-audit-tests/build.gradle
rename to elasticsearch/qa/audit-tests/build.gradle
diff --git a/elasticsearch/qa/shield-audit-tests/src/test/java/org/elasticsearch/shield/audit/IndexAuditIT.java b/elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java
similarity index 88%
rename from elasticsearch/qa/shield-audit-tests/src/test/java/org/elasticsearch/shield/audit/IndexAuditIT.java
rename to elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java
index e8858992dde..ba539f83908 100644
--- a/elasticsearch/qa/shield-audit-tests/src/test/java/org/elasticsearch/shield/audit/IndexAuditIT.java
+++ b/elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit;
+package org.elasticsearch.xpack.security.audit;
 
 import com.carrotsearch.hppc.cursors.ObjectCursor;
 import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
@@ -14,10 +14,10 @@ import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.query.QueryBuilders;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.elasticsearch.xpack.XPackPlugin;
@@ -35,7 +35,7 @@ public class IndexAuditIT extends ESIntegTestCase {
     private static final String USER = "test_user";
     private static final String PASS = "changeme";
 
-    public void testShieldIndexAuditTrailWorking() throws Exception {
+    public void testIndexAuditTrailWorking() throws Exception {
         HttpResponse response = httpClient().path("/")
                 .addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray())))
                 .execute();
@@ -48,7 +48,7 @@ public class IndexAuditIT extends ESIntegTestCase {
                 ClusterState state = client().admin().cluster().prepareState().get().getState();
                 lastClusterState.set(state);
                 for (ObjectCursor<String> cursor : state.getMetaData().getIndices().keys()) {
-                    if (cursor.value.startsWith(".shield_audit_log")) {
+                    if (cursor.value.startsWith(".security_audit_log")) {
                         logger.info("found audit index [{}]", cursor.value);
                         indexExists.set(true);
                         break;
@@ -60,11 +60,11 @@ public class IndexAuditIT extends ESIntegTestCase {
                 }
             }
 
-            ensureYellow(".shield_audit_log*");
+            ensureYellow(".security_audit_log*");
             ClusterState state = client().admin().cluster().prepareState().get().getState();
             lastClusterState.set(state);
             client().admin().indices().prepareRefresh().get();
-            return client().prepareSearch(".shield_audit_log*").setQuery(QueryBuilders.matchQuery("principal", USER))
+            return client().prepareSearch(".security_audit_log*").setQuery(QueryBuilders.matchQuery("principal", USER))
                     .get().getHits().totalHits() > 0;
         }, 10L, TimeUnit.SECONDS);
 
@@ -73,7 +73,7 @@ public class IndexAuditIT extends ESIntegTestCase {
         }
         assertThat(found, is(true));
 
-        SearchResponse searchResponse = client().prepareSearch(".shield_audit_log*").setQuery(
+        SearchResponse searchResponse = client().prepareSearch(".security_audit_log*").setQuery(
                 QueryBuilders.matchQuery("principal", USER)).get();
         assertThat(searchResponse.getHits().getHits().length, greaterThan(0));
         assertThat((String) searchResponse.getHits().getAt(0).sourceAsMap().get("principal"), is(USER));
diff --git a/elasticsearch/qa/shield-core-rest-tests/build.gradle b/elasticsearch/qa/core-rest-tests-with-security/build.gradle
similarity index 100%
rename from elasticsearch/qa/shield-core-rest-tests/build.gradle
rename to elasticsearch/qa/core-rest-tests-with-security/build.gradle
diff --git a/elasticsearch/qa/shield-core-rest-tests/src/test/java/org/elasticsearch/shield/RestIT.java b/elasticsearch/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/RestIT.java
similarity index 86%
rename from elasticsearch/qa/shield-core-rest-tests/src/test/java/org/elasticsearch/shield/RestIT.java
rename to elasticsearch/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/RestIT.java
index e636d968ec2..184b21989d9 100644
--- a/elasticsearch/qa/shield-core-rest-tests/src/test/java/org/elasticsearch/shield/RestIT.java
+++ b/elasticsearch/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/RestIT.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class RestIT extends ESRestTestCase {
 
diff --git a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyManualExecutionIT.java b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyManualExecutionIT.java
index cd3f3b864cb..4796e9904fb 100644
--- a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyManualExecutionIT.java
+++ b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyManualExecutionIT.java
@@ -57,7 +57,7 @@ public class GroovyManualExecutionIT extends AbstractWatcherIntegrationTestCase
     }
   
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
     
diff --git a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java
index bd751eed42f..1830ee07723 100644
--- a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java
+++ b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java
@@ -41,7 +41,7 @@ public class GroovyScriptConditionIT extends AbstractWatcherIntegrationTestCase
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 
diff --git a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/HistoryTemplateTransformMappingsIT.java b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/HistoryTemplateTransformMappingsIT.java
index ac70e85f308..8fd27f520af 100644
--- a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/HistoryTemplateTransformMappingsIT.java
+++ b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/HistoryTemplateTransformMappingsIT.java
@@ -41,8 +41,8 @@ public class HistoryTemplateTransformMappingsIT extends AbstractWatcherIntegrati
     }
 
     @Override
-    protected boolean enableShield() {
-        return false; // remove shield noise from this test
+    protected boolean enableSecurity() {
+        return false; // remove security noise from this test
     }
 
     public void testTransformFields() throws Exception {
diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/HipChatServiceIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/HipChatServiceIT.java
index bc889ded99d..74b499eb8dc 100644
--- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/HipChatServiceIT.java
+++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/HipChatServiceIT.java
@@ -48,7 +48,7 @@ public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 
diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/NoMasterNodeIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/NoMasterNodeIT.java
index 2c382165c40..c84e46e9c51 100644
--- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/NoMasterNodeIT.java
+++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/NoMasterNodeIT.java
@@ -72,7 +72,7 @@ public class NoMasterNodeIT extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 
diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/PagerDutyServiceIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/PagerDutyServiceIT.java
index a60d8c9f81f..9f5e582b68a 100644
--- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/PagerDutyServiceIT.java
+++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/PagerDutyServiceIT.java
@@ -50,7 +50,7 @@ public class PagerDutyServiceIT extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 
diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SecurityCachePermissionIT.java
similarity index 90%
rename from elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionIT.java
rename to elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SecurityCachePermissionIT.java
index 2266c798528..048952045cd 100644
--- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionIT.java
+++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SecurityCachePermissionIT.java
@@ -6,7 +6,6 @@
 package org.elasticsearch.messy.tests;
 
 import org.elasticsearch.Version;
-import org.elasticsearch.action.index.IndexRequest;
 import org.elasticsearch.action.search.SearchPhaseExecutionException;
 import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.common.bytes.BytesArray;
@@ -17,9 +16,9 @@ import org.elasticsearch.script.ScriptService;
 import org.elasticsearch.script.Template;
 import org.elasticsearch.script.mustache.MustachePlugin;
 import org.elasticsearch.script.mustache.MustacheScriptEngineService;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.junit.Before;
 import org.junit.BeforeClass;
 
@@ -27,12 +26,12 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
-@ShieldIntegTestCase.AwaitsFix(bugUrl = "clean up test to not use mustache templates, otherwise needs many resources here")
-public class ShieldCachePermissionIT extends ShieldIntegTestCase {
+@SecurityIntegTestCase.AwaitsFix(bugUrl = "clean up test to not use mustache templates, otherwise needs many resources here")
+public class SecurityCachePermissionIT extends SecurityIntegTestCase {
     static final String READ_ONE_IDX_USER = "read_user";
     
     @Override
@@ -46,7 +45,7 @@ public class ShieldCachePermissionIT extends ShieldIntegTestCase {
     @Override
     public String configUsers() {
         return super.configUsers()
-                + READ_ONE_IDX_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD_HASHED + "\n";
+                + READ_ONE_IDX_USER + ":" + SecuritySettingsSource.DEFAULT_PASSWORD_HASHED + "\n";
     }
 
     @Override
diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SlackServiceIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SlackServiceIT.java
index 59e2468b866..8f83dcc73aa 100644
--- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SlackServiceIT.java
+++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SlackServiceIT.java
@@ -47,7 +47,7 @@ public class SlackServiceIT extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 
diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java
index 5d325d8329c..c6429e0f4df 100644
--- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java
+++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java
@@ -20,12 +20,4 @@
  * </ul>
  */
 
-// renames that took place:
-//  renamed:    x-pack/watcher/src/test/java/org/elasticsearch/watcher/input/search/SearchInputTests.java -> 
-//              qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchInputTests.java
-//  renamed:    x-pack/watcher/src/test/java/org/elasticsearch/watcher/transform/search/SearchTransformTests.java ->
-//              qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformTests.java
-//  renamed:    x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldCachePermissionTests.java -> 
-//              qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionTests.java
-
 package org.elasticsearch.messy.tests;
diff --git a/elasticsearch/qa/shield-reindex-tests/build.gradle b/elasticsearch/qa/reindex-tests-with-security/build.gradle
similarity index 100%
rename from elasticsearch/qa/shield-reindex-tests/build.gradle
rename to elasticsearch/qa/reindex-tests-with-security/build.gradle
diff --git a/elasticsearch/qa/shield-reindex-tests/roles.yml b/elasticsearch/qa/reindex-tests-with-security/roles.yml
similarity index 96%
rename from elasticsearch/qa/shield-reindex-tests/roles.yml
rename to elasticsearch/qa/reindex-tests-with-security/roles.yml
index 059156cd5a6..483afd67760 100644
--- a/elasticsearch/qa/shield-reindex-tests/roles.yml
+++ b/elasticsearch/qa/reindex-tests-with-security/roles.yml
@@ -8,7 +8,7 @@ admin:
     - '*'
 
 # Search and write on both source and destination indices. It should work if you could just search on the source and
-# write to the destination but that isn't how shield works.
+# write to the destination but that isn't how security works.
 minimal:
   indices:
     - names: source
diff --git a/elasticsearch/qa/shield-reindex-tests/src/test/java/org/elasticsearch/shield/RestIT.java b/elasticsearch/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/RestIT.java
similarity index 84%
rename from elasticsearch/qa/shield-reindex-tests/src/test/java/org/elasticsearch/shield/RestIT.java
rename to elasticsearch/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/RestIT.java
index e49055a963d..1b726fa386a 100644
--- a/elasticsearch/qa/shield-reindex-tests/src/test/java/org/elasticsearch/shield/RestIT.java
+++ b/elasticsearch/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/RestIT.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class RestIT extends ESRestTestCase {
     private static final String USER = "test_admin";
@@ -32,7 +32,7 @@ public class RestIT extends ESRestTestCase {
     }
 
     /**
-     * All tests run as a an administrative user but use <code>es-shield-runas-user</code> to become a less privileged user.
+     * All tests run as a an administrative user but use <code>es-security-runas-user</code> to become a less privileged user.
      */
     @Override
     protected Settings restClientSettings() {
diff --git a/elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/10_reindex.yaml b/elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/10_reindex.yaml
similarity index 91%
rename from elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/10_reindex.yaml
rename to elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/10_reindex.yaml
index d6a82dbc29d..5cad08a1de2 100644
--- a/elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/10_reindex.yaml
+++ b/elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/10_reindex.yaml
@@ -32,7 +32,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: powerful_user}
+      headers: {es-security-runas-user: powerful_user}
       reindex:
         refresh: true
         body:
@@ -65,7 +65,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: minimal_user}
+      headers: {es-security-runas-user: minimal_user}
       reindex:
         refresh: true
         body:
@@ -98,7 +98,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: readonly_user}
+      headers: {es-security-runas-user: readonly_user}
       catch: forbidden
       reindex:
         body:
@@ -120,7 +120,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: dest_only_user}
+      headers: {es-security-runas-user: dest_only_user}
       catch: forbidden
       reindex:
         body:
@@ -147,7 +147,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: dest_only_user}
+      headers: {es-security-runas-user: dest_only_user}
       catch: forbidden
       reindex:
         refresh: true
@@ -194,7 +194,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
+      headers: {es-security-runas-user: can_not_see_hidden_docs_user}
       reindex:
         refresh: true
         body:
@@ -237,7 +237,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
+      headers: {es-security-runas-user: can_not_see_hidden_fields_user}
       reindex:
         refresh: true
         body:
@@ -287,7 +287,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
+      headers: {es-security-runas-user: can_not_see_hidden_docs_user}
       reindex:
         body:
           source:
@@ -308,7 +308,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
+      headers: {es-security-runas-user: can_not_see_hidden_fields_user}
       reindex:
         body:
           source:
diff --git a/elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/20_update_by_query.yaml b/elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/20_update_by_query.yaml
similarity index 92%
rename from elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/20_update_by_query.yaml
rename to elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/20_update_by_query.yaml
index ffc322eeac1..a7c775696eb 100644
--- a/elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/20_update_by_query.yaml
+++ b/elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/20_update_by_query.yaml
@@ -41,7 +41,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: powerful_user}
+      headers: {es-security-runas-user: powerful_user}
       update_by_query:
         refresh: true
         index: source
@@ -72,7 +72,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: minimal_user}
+      headers: {es-security-runas-user: minimal_user}
       update_by_query:
         refresh: true
         index: source
@@ -103,7 +103,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: readonly_user}
+      headers: {es-security-runas-user: readonly_user}
       catch: forbidden
       update_by_query:
         index: source
@@ -121,7 +121,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: dest_only_user}
+      headers: {es-security-runas-user: dest_only_user}
       catch: forbidden
       update_by_query:
         index: source
@@ -145,7 +145,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
+      headers: {es-security-runas-user: can_not_see_hidden_docs_user}
       update_by_query:
         refresh: true
         index: source
@@ -191,7 +191,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
+      headers: {es-security-runas-user: can_not_see_hidden_fields_user}
       update_by_query:
         index: source
         body:
diff --git a/elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/30_delete_by_query.yaml b/elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/30_delete_by_query.yaml
similarity index 92%
rename from elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/30_delete_by_query.yaml
rename to elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/30_delete_by_query.yaml
index 2a14fd9e0ce..59b6f2b7792 100644
--- a/elasticsearch/qa/shield-reindex-tests/src/test/resources/rest-api-spec/test/30_delete_by_query.yaml
+++ b/elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/30_delete_by_query.yaml
@@ -37,7 +37,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: powerful_user}
+      headers: {es-security-runas-user: powerful_user}
       delete_by_query:
         refresh: true
         index: source
@@ -64,7 +64,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: minimal_user}
+      headers: {es-security-runas-user: minimal_user}
       delete_by_query:
         refresh: true
         index: source
@@ -91,7 +91,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: readonly_user}
+      headers: {es-security-runas-user: readonly_user}
       catch: forbidden
       delete_by_query:
         refresh: true
@@ -118,7 +118,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: dest_only_user}
+      headers: {es-security-runas-user: dest_only_user}
       catch: forbidden
       delete_by_query:
         refresh: true
@@ -151,7 +151,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
+      headers: {es-security-runas-user: can_not_see_hidden_docs_user}
       delete_by_query:
         refresh: true
         index: source
@@ -212,7 +212,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
+      headers: {es-security-runas-user: can_not_see_hidden_fields_user}
       delete_by_query:
         refresh: true
         index: source
diff --git a/elasticsearch/qa/shield-client-tests/build.gradle b/elasticsearch/qa/security-client-tests/build.gradle
similarity index 100%
rename from elasticsearch/qa/shield-client-tests/build.gradle
rename to elasticsearch/qa/security-client-tests/build.gradle
diff --git a/elasticsearch/qa/shield-client-tests/src/test/java/org/elasticsearch/shield/qa/ShieldTransportClientIT.java b/elasticsearch/qa/security-client-tests/src/test/java/org/elasticsearch/xpack/security/qa/SecurityTransportClientIT.java
similarity index 91%
rename from elasticsearch/qa/shield-client-tests/src/test/java/org/elasticsearch/shield/qa/ShieldTransportClientIT.java
rename to elasticsearch/qa/security-client-tests/src/test/java/org/elasticsearch/xpack/security/qa/SecurityTransportClientIT.java
index bc8cb9aa510..c9cf99d50fa 100644
--- a/elasticsearch/qa/shield-client-tests/src/test/java/org/elasticsearch/shield/qa/ShieldTransportClientIT.java
+++ b/elasticsearch/qa/security-client-tests/src/test/java/org/elasticsearch/xpack/security/qa/SecurityTransportClientIT.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.qa;
+package org.elasticsearch.xpack.security.qa;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
@@ -13,8 +13,8 @@ import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
@@ -23,14 +23,14 @@ import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
 /**
- * Integration tests that test a transport client with Shield being loaded that connect to an external cluster
+ * Integration tests that test a transport client with security being loaded that connect to an external cluster
  */
-public class ShieldTransportClientIT extends ESIntegTestCase {
+public class SecurityTransportClientIT extends ESIntegTestCase {
     static final String ADMIN_USER_PW = "test_user:changeme";
     static final String TRANSPORT_USER_PW = "transport:changeme";
 
diff --git a/elasticsearch/qa/shield-example-realm/build.gradle b/elasticsearch/qa/security-example-realm/build.gradle
similarity index 100%
rename from elasticsearch/qa/shield-example-realm/build.gradle
rename to elasticsearch/qa/security-example-realm/build.gradle
diff --git a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java
similarity index 95%
rename from elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java
rename to elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java
index 308ca7c382e..e7df15dd2db 100644
--- a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java
+++ b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java
@@ -8,7 +8,7 @@ package org.elasticsearch.example;
 import org.elasticsearch.example.realm.CustomAuthenticationFailureHandler;
 import org.elasticsearch.example.realm.CustomRealm;
 import org.elasticsearch.example.realm.CustomRealmFactory;
-import org.elasticsearch.shield.authc.AuthenticationModule;
+import org.elasticsearch.xpack.security.authc.AuthenticationModule;
 import org.elasticsearch.xpack.extensions.XPackExtension;
 
 import java.security.AccessController;
diff --git a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomAuthenticationFailureHandler.java b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomAuthenticationFailureHandler.java
similarity index 93%
rename from elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomAuthenticationFailureHandler.java
rename to elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomAuthenticationFailureHandler.java
index f95e830a18e..ecc2567e0c1 100644
--- a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomAuthenticationFailureHandler.java
+++ b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomAuthenticationFailureHandler.java
@@ -8,8 +8,8 @@ package org.elasticsearch.example.realm;
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler;
 import org.elasticsearch.transport.TransportMessage;
 
 public class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler {
diff --git a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java
similarity index 83%
rename from elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java
rename to elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java
index edfa85cec1a..c6699f7b6ae 100644
--- a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java
+++ b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java
@@ -6,12 +6,12 @@
 package org.elasticsearch.example.realm;
 
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 
 public class CustomRealm extends Realm<UsernamePasswordToken> {
 
diff --git a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java
similarity index 88%
rename from elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java
rename to elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java
index 2bab07e8267..53dade409d8 100644
--- a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java
+++ b/elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java
@@ -7,8 +7,8 @@ package org.elasticsearch.example.realm;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.rest.RestController;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
 
 public class CustomRealmFactory extends Realm.Factory<CustomRealm> {
 
diff --git a/elasticsearch/qa/shield-example-realm/src/main/resources/x-pack-extension-descriptor.properties b/elasticsearch/qa/security-example-realm/src/main/resources/x-pack-extension-descriptor.properties
similarity index 100%
rename from elasticsearch/qa/shield-example-realm/src/main/resources/x-pack-extension-descriptor.properties
rename to elasticsearch/qa/security-example-realm/src/main/resources/x-pack-extension-descriptor.properties
diff --git a/elasticsearch/qa/shield-example-realm/src/main/resources/x-pack-extension-security.policy b/elasticsearch/qa/security-example-realm/src/main/resources/x-pack-extension-security.policy
similarity index 100%
rename from elasticsearch/qa/shield-example-realm/src/main/resources/x-pack-extension-security.policy
rename to elasticsearch/qa/security-example-realm/src/main/resources/x-pack-extension-security.policy
diff --git a/elasticsearch/qa/shield-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java b/elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java
similarity index 100%
rename from elasticsearch/qa/shield-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java
rename to elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java
diff --git a/elasticsearch/qa/shield-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java b/elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java
similarity index 87%
rename from elasticsearch/qa/shield-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java
rename to elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java
index 53df916d0c9..f809a3f14bb 100644
--- a/elasticsearch/qa/shield-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java
+++ b/elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java
@@ -6,10 +6,10 @@
 package org.elasticsearch.example.realm;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.ESTestCase;
 
 import static org.hamcrest.Matchers.equalTo;
diff --git a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/integration-tests.xml b/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/integration-tests.xml
deleted file mode 100644
index 375f3db605f..00000000000
--- a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/integration-tests.xml
+++ /dev/null
@@ -1,114 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  ~ ELASTICSEARCH CONFIDENTIAL
-  ~ __________________
-  ~
-  ~  [2014] Elasticsearch Incorporated. All Rights Reserved.
-  ~
-  ~ NOTICE:  All information contained herein is, and remains
-  ~ the property of Elasticsearch Incorporated and its suppliers,
-  ~ if any.  The intellectual and technical concepts contained
-  ~ herein are proprietary to Elasticsearch Incorporated
-  ~ and its suppliers and may be covered by U.S. and Foreign Patents,
-  ~ patents in process, and are protected by trade secret or copyright law.
-  ~ Dissemination of this information or reproduction of this material
-  ~ is strictly forbidden unless prior written permission is obtained
-  ~ from Elasticsearch Incorporated.
-  -->
-
-<project name="smoke-test-watcher-and-shield"
-         xmlns:ac="antlib:net.sf.antcontrib">
-
-  <import file="${elasticsearch.integ.antfile.default}"/>
-
-  <!-- redefined to work with auth -->
-  <macrodef name="waitfor-elasticsearch">
-      <attribute name="port"/>
-      <attribute name="timeoutproperty"/>
-    <sequential>
-      <echo>Waiting for elasticsearch to become available on port @{port}...</echo>
-      <waitfor maxwait="30" maxwaitunit="second"
-               checkevery="500" checkeveryunit="millisecond"
-               timeoutproperty="@{timeoutproperty}">
-        <socket server="127.0.0.1" port="@{port}"/>
-      </waitfor>
-    </sequential>
-  </macrodef>
-
-  <target name="start-external-cluster-with-found-license-and-shield" depends="setup-workspace">
-    <ac:for list="${xplugins.list}" param="xplugin.name">
-      <sequential>
-        <fail message="Expected @{xplugin.name}-${version}.zip as a dependency, but could not be found in ${integ.deps}/plugins}">
-          <condition>
-            <not>
-              <available file="${integ.deps}/plugins/@{xplugin.name}-${elasticsearch.version}.zip" />
-            </not>
-          </condition>
-        </fail>
-      </sequential>
-    </ac:for>
-
-    <ac:for param="file">
-      <path>
-        <fileset dir="${integ.deps}/plugins"/>
-      </path>
-      <sequential>
-        <local name="plugin.name"/>
-        <convert-plugin-name file="@{file}" outputproperty="plugin.name"/>
-        <install-plugin name="${plugin.name}" file="@{file}"/>
-      </sequential>
-    </ac:for>
-
-    <local name="home"/>
-    <property name="home" location="${integ.scratch}/elasticsearch-${elasticsearch.version}"/>
-
-    <echo>Adding roles.yml with watcher roles</echo>
-    <copy file="watcher-with-shield-roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
-
-    <echo>Adding shield users...</echo>
-    <run-script script="${home}/bin/x-pack/esusers">
-      <nested>
-        <arg value="useradd"/>
-        <arg value="test_admin"/>
-        <arg value="-p"/>
-        <arg value="changeme"/>
-        <arg value="-r"/>
-        <arg value="admin"/>
-      </nested>
-    </run-script>
-    <run-script script="${home}/bin/x-pack/esusers">
-      <nested>
-        <arg value="useradd"/>
-        <arg value="watcher_manager"/>
-        <arg value="-p"/>
-        <arg value="changeme"/>
-        <arg value="-r"/>
-        <arg value="watcher_manager"/>
-      </nested>
-    </run-script>
-    <run-script script="${home}/bin/x-pack/esusers">
-      <nested>
-        <arg value="useradd"/>
-        <arg value="powerless_user"/>
-        <arg value="-p"/>
-        <arg value="changeme"/>
-        <arg value="-r"/>
-        <arg value="crapy_role"/>
-      </nested>
-    </run-script>
-
-    <startup-elasticsearch>
-      <!-- Useful for when debugging -->
-      <!--<additional-args>-->
-        <!--<arg value="-Des.http.cors.enabled=true"/>-->
-        <!--<arg value="-Des.http.cors.allow-origin=*"/>-->
-      <!--</additional-args>-->
-    </startup-elasticsearch>
-
-    <echo>Checking we can connect with basic auth on port ${integ.http.port}...</echo>
-    <local name="temp.file"/>
-    <tempfile property="temp.file" destdir="${java.io.tmpdir}"/>
-    <get src="http://127.0.0.1:${integ.http.port}" dest="${temp.file}" 
-         username="test_admin" password="changeme" verbose="true" retries="10"/>
-  </target>
-</project>
diff --git a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/MarvelClusterInfoIT.java b/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/MarvelClusterInfoIT.java
deleted file mode 100644
index 6c980ba3a13..00000000000
--- a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/MarvelClusterInfoIT.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.smoketest;
-
-import org.elasticsearch.Version;
-import org.elasticsearch.action.get.GetResponse;
-import org.elasticsearch.common.Strings;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.index.IndexNotFoundException;
-import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.test.ESIntegTestCase;
-import org.elasticsearch.xpack.XPackPlugin;
-import org.elasticsearch.shield.Shield;
-import org.hamcrest.Matcher;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
-import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.nullValue;
-
-public class MarvelClusterInfoIT extends ESIntegTestCase {
-
-    static final String ADMIN_USER_PW = "test_admin:changeme";
-
-    @Override
-    protected Settings externalClusterClientSettings() {
-        return Settings.builder()
-                .put(Shield.USER_SETTING.getKey(), ADMIN_USER_PW)
-                .build();
-    }
-
-    @Override
-    protected Collection<Class<? extends Plugin>> transportClientPlugins() {
-        return Collections.singletonList(XPackPlugin.class);
-    }
-
-    public void testMarvelClusterInfoCollectorWorks() throws Exception {
-        final String clusterUUID = client().admin().cluster().prepareState().setMetaData(true).get().getState().metaData().clusterUUID();
-        assertTrue(Strings.hasText(clusterUUID));
-        awaitIndexExists(".monitoring-es-data");
-        ensureYellow(".monitoring-es-data");
-        awaitMarvelDocsCount(equalTo(1L), "cluster_info");
-        GetResponse response = client().prepareGet(".monitoring-es-data", "cluster_info", clusterUUID).get();
-        assertTrue(".monitoring-es-data" + " document does not exist", response.isExists());
-        Map<String, Object> source = response.getSource();
-        assertThat((String) source.get("cluster_name"), equalTo(cluster().getClusterName()));
-        assertThat((String) source.get("version"), equalTo(Version.CURRENT.toString()));
-
-        Object licenseObj = source.get("license");
-        assertThat(licenseObj, nullValue());
-    }
-
-    protected void awaitMarvelDocsCount(Matcher<Long> matcher, String... types) throws Exception {
-        flush();
-        refresh();
-        assertBusy(new Runnable() {
-            @Override
-            public void run() {
-                assertMarvelDocsCount(matcher, types);
-            }
-        }, 30, TimeUnit.SECONDS);
-    }
-
-    protected void assertMarvelDocsCount(Matcher<Long> matcher, String... types) {
-        try {
-            long count = client().prepareSearch(".monitoring-es-data").setSize(0)
-                    .setTypes(types).get().getHits().totalHits();
-            logger.trace("--> searched for [{}] documents, found [{}]", Strings.arrayToCommaDelimitedString(types), count);
-            assertThat(count, matcher);
-        } catch (IndexNotFoundException e) {
-            assertThat(0L, matcher);
-        }
-    }
-
-    protected void awaitIndexExists(final String... indices) throws Exception {
-        assertBusy(new Runnable() {
-            @Override
-            public void run() {
-                assertIndicesExists(indices);
-            }
-        }, 30, TimeUnit.SECONDS);
-    }
-
-    protected void assertIndicesExists(String... indices) {
-        logger.trace("checking if index exists [{}]", Strings.arrayToCommaDelimitedString(indices));
-        assertThat(client().admin().indices().prepareExists(indices).get().isExists(), is(true));
-    }
-}
diff --git a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java b/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java
deleted file mode 100644
index 3a57ea49cb8..00000000000
--- a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.smoketest;
-
-import com.carrotsearch.randomizedtesting.annotations.Name;
-import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
-import org.elasticsearch.client.support.Headers;
-import org.elasticsearch.common.network.NetworkAddress;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Shield;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.test.rest.ESRestTestCase;
-import org.elasticsearch.test.rest.RestTestCandidate;
-import org.elasticsearch.test.rest.parser.RestTestParseException;
-import org.elasticsearch.xpack.XPackPlugin;
-import org.junit.After;
-import org.junit.Before;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.URI;
-import java.util.Collection;
-import java.util.Collections;
-
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-
-public class WatcherWithShieldIT extends ESRestTestCase {
-
-    private final static String TEST_ADMIN_USERNAME = "test_admin";
-    private final static String TEST_ADMIN_PASSWORD = "changeme";
-
-    public WatcherWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
-        super(testCandidate);
-    }
-
-    @ParametersFactory
-    public static Iterable<Object[]> parameters() throws IOException, RestTestParseException {
-        return ESRestTestCase.createParameters(0, 1);
-    }
-
-    @Before
-    public void startWatcher() throws Exception {
-        try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
-            InetSocketAddress address = cluster().httpAddresses()[0];
-            HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.format(address.getAddress()), address.getPort(), "/_xpack/watcher/_start", null, null));
-            String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
-            request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
-            client.execute(request);
-        }
-    }
-
-    @After
-    public void stopWatcher() throws Exception {
-        try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
-            InetSocketAddress address = cluster().httpAddresses()[0];
-            HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.format(address.getAddress()), address.getPort(), "/_xpack/watcher/_stop", null, null));
-            String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
-            request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
-            client.execute(request);
-        }
-    }
-
-    @Override
-    protected Settings restClientSettings() {
-        String[] credentials = getCredentials();
-        String token = basicAuthHeaderValue(credentials[0], new SecuredString(credentials[1].toCharArray()));
-        return Settings.builder()
-                .put(Headers.PREFIX + ".Authorization", token)
-                .build();
-    }
-
-    @Override
-    protected Settings externalClusterClientSettings() {
-        return Settings.builder()
-                .put(Shield.USER_SETTING.getKey(), TEST_ADMIN_USERNAME + ":" + TEST_ADMIN_PASSWORD)
-                .build();
-    }
-
-    protected String[] getCredentials() {
-        return new String[]{"watcher_manager", "changeme"};
-    }
-
-    @Override
-    protected Collection<Class<? extends Plugin>> transportClientPlugins() {
-        return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
-    }
-
-}
-
diff --git a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java b/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java
deleted file mode 100644
index f51044a74ec..00000000000
--- a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.smoketest;
-
-import com.carrotsearch.randomizedtesting.annotations.Name;
-import org.elasticsearch.test.rest.RestTestCandidate;
-
-import java.io.IOException;
-
-import static org.hamcrest.Matchers.anyOf;
-import static org.hamcrest.Matchers.containsString;
-
-public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
-    public WatcherWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
-        super(testCandidate);
-    }
-
-    public void test() throws IOException {
-        try {
-            super.test();
-            fail();
-        } catch(AssertionError ae) {
-            assertThat(ae.getMessage(), anyOf(containsString("action [cluster:monitor/watcher/"), containsString("action [cluster:admin/watcher/")));
-            assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
-            assertThat(ae.getMessage(), containsString("is unauthorized for user [powerless_user]"));
-        }
-    }
-
-    @Override
-    protected String[] getCredentials() {
-        return new String[]{"powerless_user", "changeme"};
-    }
-}
diff --git a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml b/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml
deleted file mode 100644
index 74a86b35eb5..00000000000
--- a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-admin:
-  cluster: all
-  indices:
-    '*': all
-
-watcher_manager:
-  cluster: manage
-  indices:
-    '.watcher-history-*': all
-
-watcher_monitor:
-  cluster: monitor
-  indices:
-    '.watcher-history-*': read
-
-crapy_role:
-  cluster:
-    - cluster:monitor/nodes/info
-    - cluster:monitor/health
-    - cluster:monitor/nodes/liveness
diff --git a/elasticsearch/qa/smoke-test-graph-with-shield/build.gradle b/elasticsearch/qa/smoke-test-graph-with-security/build.gradle
similarity index 100%
rename from elasticsearch/qa/smoke-test-graph-with-shield/build.gradle
rename to elasticsearch/qa/smoke-test-graph-with-security/build.gradle
diff --git a/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml b/elasticsearch/qa/smoke-test-graph-with-security/roles.yml
similarity index 100%
rename from elasticsearch/qa/smoke-test-graph-with-shield/roles.yml
rename to elasticsearch/qa/smoke-test-graph-with-security/roles.yml
diff --git a/elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldIT.java b/elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityIT.java
similarity index 68%
rename from elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldIT.java
rename to elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityIT.java
index f86fd8ee11c..ed7147b8edb 100644
--- a/elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldIT.java
+++ b/elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityIT.java
@@ -8,37 +8,23 @@ package org.elasticsearch.smoketest;
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
-//import org.elasticsearch.client.support.Headers;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.plugins.Plugin;
-//import org.elasticsearch.shield.ShieldPlugin;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
-import org.junit.After;
-import org.junit.Before;
 
 import java.io.IOException;
-import java.net.URI;
-import java.net.URL;
-import java.util.Collection;
-import java.util.Collections;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
-public class GraphWithShieldIT extends ESRestTestCase {
+public class GraphWithSecurityIT extends ESRestTestCase {
 
     private final static String TEST_ADMIN_USERNAME = "test_admin";
     private final static String TEST_ADMIN_PASSWORD = "changeme";
 
-    public GraphWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public GraphWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 
diff --git a/elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldInsufficientRoleIT.java b/elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java
similarity index 85%
rename from elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldInsufficientRoleIT.java
rename to elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java
index b85dd676a5c..18f41655e4f 100644
--- a/elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldInsufficientRoleIT.java
+++ b/elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java
@@ -7,15 +7,14 @@ package org.elasticsearch.smoketest;
 
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import org.elasticsearch.test.rest.RestTestCandidate;
-import org.junit.Test;
 
 import java.io.IOException;
 
 import static org.hamcrest.Matchers.containsString;
 
-public class GraphWithShieldInsufficientRoleIT extends GraphWithShieldIT {
+public class GraphWithSecurityInsufficientRoleIT extends GraphWithSecurityIT {
 
-    public GraphWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public GraphWithSecurityInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 
diff --git a/elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle b/elasticsearch/qa/smoke-test-monitoring-with-security/build.gradle
similarity index 100%
rename from elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle
rename to elasticsearch/qa/smoke-test-monitoring-with-security/build.gradle
diff --git a/elasticsearch/qa/smoke-test-monitoring-with-shield/insufficient-rights/build.gradle b/elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/build.gradle
similarity index 100%
rename from elasticsearch/qa/smoke-test-monitoring-with-shield/insufficient-rights/build.gradle
rename to elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/build.gradle
diff --git a/elasticsearch/qa/smoke-test-monitoring-with-shield/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithShieldInsufficientRoleIT.java b/elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityInsufficientRoleIT.java
similarity index 85%
rename from elasticsearch/qa/smoke-test-monitoring-with-shield/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithShieldInsufficientRoleIT.java
rename to elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityInsufficientRoleIT.java
index f4879d2a53d..037941611bf 100644
--- a/elasticsearch/qa/smoke-test-monitoring-with-shield/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithShieldInsufficientRoleIT.java
+++ b/elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityInsufficientRoleIT.java
@@ -9,19 +9,19 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 
-public class MonitoringWithShieldInsufficientRoleIT extends ESRestTestCase {
+public class MonitoringWithSecurityInsufficientRoleIT extends ESRestTestCase {
 
-    public MonitoringWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public MonitoringWithSecurityInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 
diff --git a/elasticsearch/qa/smoke-test-monitoring-with-shield/roles.yml b/elasticsearch/qa/smoke-test-monitoring-with-security/roles.yml
similarity index 100%
rename from elasticsearch/qa/smoke-test-monitoring-with-shield/roles.yml
rename to elasticsearch/qa/smoke-test-monitoring-with-security/roles.yml
diff --git a/elasticsearch/qa/smoke-test-monitoring-with-shield/sufficient-rights/build.gradle b/elasticsearch/qa/smoke-test-monitoring-with-security/sufficient-rights/build.gradle
similarity index 100%
rename from elasticsearch/qa/smoke-test-monitoring-with-shield/sufficient-rights/build.gradle
rename to elasticsearch/qa/smoke-test-monitoring-with-security/sufficient-rights/build.gradle
diff --git a/elasticsearch/qa/smoke-test-monitoring-with-shield/sufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithShieldIT.java b/elasticsearch/qa/smoke-test-monitoring-with-security/sufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityIT.java
similarity index 82%
rename from elasticsearch/qa/smoke-test-monitoring-with-shield/sufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithShieldIT.java
rename to elasticsearch/qa/smoke-test-monitoring-with-security/sufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityIT.java
index b6f4f47282b..c98a6d01c38 100644
--- a/elasticsearch/qa/smoke-test-monitoring-with-shield/sufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithShieldIT.java
+++ b/elasticsearch/qa/smoke-test-monitoring-with-security/sufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityIT.java
@@ -9,18 +9,18 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
-public class MonitoringWithShieldIT extends ESRestTestCase {
+public class MonitoringWithSecurityIT extends ESRestTestCase {
 
-    public MonitoringWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public MonitoringWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 
diff --git a/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithShieldIT.java b/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java
similarity index 92%
rename from elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithShieldIT.java
rename to elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java
index 23dc1b4a34a..229d84bcae2 100644
--- a/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithShieldIT.java
+++ b/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java
@@ -12,8 +12,8 @@ import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.junit.After;
@@ -37,14 +37,14 @@ import static org.hamcrest.Matchers.greaterThanOrEqualTo;
 
 /**
  * This test checks that a Monitoring's HTTP exporter correctly exports to a monitoring cluster
- * protected by Shield with HTTPS/SSL.
+ * protected by security with HTTPS/SSL.
  *
- * It sets up a cluster with Monitoring and Shield configured with SSL. Once started,
+ * It sets up a cluster with Monitoring and Security configured with SSL. Once started,
  * an HTTP exporter is activated and it exports data locally over HTTPS/SSL. The test
  * then uses a transport client to check that the data have been correctly received and
  * indexed in the cluster.
  */
-public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
+public class SmokeTestMonitoringWithSecurityIT extends ESIntegTestCase {
 
     private static final String USER = "test_user";
     private static final String PASS = "changeme";
@@ -61,7 +61,7 @@ public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
     protected Settings externalClusterClientSettings() {
         return Settings.builder()
                 .put(Security.USER_SETTING.getKey(), USER + ":" + PASS)
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .put("xpack.security.ssl.keystore.path", clientKeyStore)
                 .put("xpack.security.ssl.keystore.password", KEYSTORE_PASS)
                 .build();
@@ -133,7 +133,7 @@ public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
     @BeforeClass
     public static void loadKeyStore() {
         try {
-            clientKeyStore = PathUtils.get(SmokeTestMonitoringWithShieldIT.class.getResource("/test-client.jks").toURI());
+            clientKeyStore = PathUtils.get(SmokeTestMonitoringWithSecurityIT.class.getResource("/test-client.jks").toURI());
         } catch (URISyntaxException e) {
             throw new ElasticsearchException("exception while reading the store", e);
         }
diff --git a/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsSslIT.java b/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsSslIT.java
index 17878a9e51f..fa09330827d 100644
--- a/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsSslIT.java
+++ b/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsSslIT.java
@@ -11,7 +11,7 @@ import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.client.RestClient;
@@ -24,7 +24,7 @@ import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class SmokeTestPluginsSslIT extends ESRestTestCase {
 
diff --git a/elasticsearch/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsIT.java b/elasticsearch/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsIT.java
index 1eb52f667c4..4555cc858d2 100644
--- a/elasticsearch/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsIT.java
+++ b/elasticsearch/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsIT.java
@@ -9,14 +9,14 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class SmokeTestPluginsIT extends ESRestTestCase {
 
diff --git a/elasticsearch/qa/smoke-test-watcher-with-shield/build.gradle b/elasticsearch/qa/smoke-test-watcher-with-security/build.gradle
similarity index 100%
rename from elasticsearch/qa/smoke-test-watcher-with-shield/build.gradle
rename to elasticsearch/qa/smoke-test-watcher-with-security/build.gradle
diff --git a/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml b/elasticsearch/qa/smoke-test-watcher-with-security/roles.yml
similarity index 100%
rename from elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml
rename to elasticsearch/qa/smoke-test-watcher-with-security/roles.yml
diff --git a/elasticsearch/qa/smoke-test-watcher-with-shield/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java b/elasticsearch/qa/smoke-test-watcher-with-security/src/test/java/org/elasticsearch/smoketest/WatcherWithSecurityIT.java
similarity index 89%
rename from elasticsearch/qa/smoke-test-watcher-with-shield/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java
rename to elasticsearch/qa/smoke-test-watcher-with-security/src/test/java/org/elasticsearch/smoketest/WatcherWithSecurityIT.java
index a541b3776d9..8c141e45bfc 100644
--- a/elasticsearch/qa/smoke-test-watcher-with-shield/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java
+++ b/elasticsearch/qa/smoke-test-watcher-with-security/src/test/java/org/elasticsearch/smoketest/WatcherWithSecurityIT.java
@@ -17,22 +17,22 @@ import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 import org.junit.After;
 import org.junit.Before;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
-public class WatcherWithShieldIT extends ESRestTestCase {
+public class WatcherWithSecurityIT extends ESRestTestCase {
 
     private final static String TEST_ADMIN_USERNAME = "test_admin";
     private final static String TEST_ADMIN_PASSWORD = "changeme";
 
-    public WatcherWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public WatcherWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 
diff --git a/elasticsearch/qa/smoke-test-watcher-with-shield/src/test/resources/rest-api-spec/test/watcher/watcher_and_shield/10_insufficient_shield_privs.yaml b/elasticsearch/qa/smoke-test-watcher-with-security/src/test/resources/rest-api-spec/test/watcher/watcher_and_security/10_insufficient_privs.yaml
similarity index 77%
rename from elasticsearch/qa/smoke-test-watcher-with-shield/src/test/resources/rest-api-spec/test/watcher/watcher_and_shield/10_insufficient_shield_privs.yaml
rename to elasticsearch/qa/smoke-test-watcher-with-security/src/test/resources/rest-api-spec/test/watcher/watcher_and_security/10_insufficient_privs.yaml
index 287a3b27cc6..30b7d332e25 100644
--- a/elasticsearch/qa/smoke-test-watcher-with-shield/src/test/resources/rest-api-spec/test/watcher/watcher_and_shield/10_insufficient_shield_privs.yaml
+++ b/elasticsearch/qa/smoke-test-watcher-with-security/src/test/resources/rest-api-spec/test/watcher/watcher_and_security/10_insufficient_privs.yaml
@@ -1,7 +1,7 @@
 ---
-"Test watcher is protected by shield":
+"Test watcher is protected by security":
   - do:
-    headers: { es-shield-runas-user: powerless_user }
+    headers: { es-security-runas-user: powerless_user }
     catch: forbidden
     xpack.watcher.stats: {}
   # there seems to be a bug in the yaml parser we use, where a single element list
diff --git a/elasticsearch/qa/shield-tribe-node-tests/integration-tests.xml b/elasticsearch/qa/tribe-node-tests-with-security/integration-tests.xml
similarity index 95%
rename from elasticsearch/qa/shield-tribe-node-tests/integration-tests.xml
rename to elasticsearch/qa/tribe-node-tests-with-security/integration-tests.xml
index f3dffc65824..69b29c08f24 100644
--- a/elasticsearch/qa/shield-tribe-node-tests/integration-tests.xml
+++ b/elasticsearch/qa/tribe-node-tests-with-security/integration-tests.xml
@@ -16,14 +16,14 @@
   ~ from Elasticsearch Incorporated.
   -->
 
-<project name="smoke-test-tribe-node-with-shield"
+<project name="smoke-test-tribe-node-with-security"
          xmlns:ac="antlib:net.sf.antcontrib">
 
     <taskdef name="xhttp" classname="org.elasticsearch.ant.HttpTask" classpath="${test_classpath}" />
     <typedef name="xhttp" classname="org.elasticsearch.ant.HttpCondition" classpath="${test_classpath}"/>
 
     <import file="${elasticsearch.integ.antfile.default}"/>
-    <import file="${elasticsearch.tools.directory}/ant/shield-overrides.xml"/>
+    <import file="${elasticsearch.tools.directory}/ant/security-overrides.xml"/>
 
     <property name="tribe_node.pidfile" location="${integ.scratch}/tribe-node.pid"/>
     <available property="tribe_node.pidfile.exists" file="${tribe_node.pidfile}"/>
@@ -47,7 +47,7 @@
         </sequential>
     </macrodef>
 
-    <target name="start-tribe-node-and-2-clusters-with-shield" depends="setup-workspace">
+    <target name="start-tribe-node-and-2-clusters-with-security" depends="setup-workspace">
         <ac:for list="${xplugins.list}" param="xplugin.name">
             <sequential>
                 <fail message="Expected @{xplugin.name}-${version}.zip as a dependency, but could not be found in ${integ.deps}/plugins}">
@@ -75,9 +75,9 @@
         <property name="home" location="${integ.scratch}/elasticsearch-${elasticsearch.version}"/>
 
         <echo>Adding roles.yml</echo>
-        <copy file="shield-roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
+        <copy file="roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
 
-        <echo>Adding shield users...</echo>
+        <echo>Adding security users...</echo>
         <run-script script="${home}/bin/x-pack/esusers">
             <nested>
                 <arg value="useradd"/>
diff --git a/elasticsearch/qa/shield-tribe-node-tests/rest-api-spec/test/tribe_node/10_basic.yaml b/elasticsearch/qa/tribe-node-tests-with-security/rest-api-spec/test/tribe_node/10_basic.yaml
similarity index 100%
rename from elasticsearch/qa/shield-tribe-node-tests/rest-api-spec/test/tribe_node/10_basic.yaml
rename to elasticsearch/qa/tribe-node-tests-with-security/rest-api-spec/test/tribe_node/10_basic.yaml
diff --git a/elasticsearch/qa/shield-tribe-node-tests/shield-roles.yml b/elasticsearch/qa/tribe-node-tests-with-security/roles.yml
similarity index 100%
rename from elasticsearch/qa/shield-tribe-node-tests/shield-roles.yml
rename to elasticsearch/qa/tribe-node-tests-with-security/roles.yml
diff --git a/elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/ant/HttpCondition.java b/elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/ant/HttpCondition.java
similarity index 100%
rename from elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/ant/HttpCondition.java
rename to elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/ant/HttpCondition.java
diff --git a/elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/ant/HttpTask.java b/elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/ant/HttpTask.java
similarity index 100%
rename from elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/ant/HttpTask.java
rename to elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/ant/HttpTask.java
diff --git a/elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/shield/RestIT.java b/elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/xpack.security/RestIT.java
similarity index 86%
rename from elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/shield/RestIT.java
rename to elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/xpack.security/RestIT.java
index a98de39cb33..b6d3b59aa27 100644
--- a/elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/shield/RestIT.java
+++ b/elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/xpack.security/RestIT.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.client.support.Headers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class RestIT extends TribeRestTestCase {
 
diff --git a/elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/shield/TribeRestTestCase.java b/elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/xpack.security/TribeRestTestCase.java
similarity index 99%
rename from elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/shield/TribeRestTestCase.java
rename to elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/xpack.security/TribeRestTestCase.java
index c307292197b..973d06493c8 100644
--- a/elasticsearch/qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/shield/TribeRestTestCase.java
+++ b/elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/xpack.security/TribeRestTestCase.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import com.carrotsearch.randomizedtesting.RandomizedTest;
 import com.carrotsearch.randomizedtesting.annotations.TestGroup;
diff --git a/elasticsearch/x-pack/build.gradle b/elasticsearch/x-pack/build.gradle
index 5f4431a1399..e1f75abd90a 100644
--- a/elasticsearch/x-pack/build.gradle
+++ b/elasticsearch/x-pack/build.gradle
@@ -24,7 +24,7 @@ dependencies {
   compile project(':x-plugins:elasticsearch:license:base')
   testCompile project(':x-plugins:elasticsearch:license:licensor')
 
-  // shield deps
+  // security deps
   compile 'dk.brics.automaton:automaton:1.11-8'
   compile 'com.unboundid:unboundid-ldapsdk:2.3.8'
   compile 'org.bouncycastle:bcprov-jdk15on:1.54'
@@ -33,7 +33,7 @@ dependencies {
 
   // watcher deps
   compile 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:r239'
-  compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and shield tests for jimfs
+  compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and security tests for jimfs
   compile 'com.sun.mail:javax.mail:1.5.3'
   // HACK: java 9 removed javax.activation from the default modules, so instead of trying to add modules, which would have
   // to be conditionalized for java 8/9, we pull in the classes directly
@@ -57,7 +57,7 @@ dependencies {
 
 // we keep the source directories in the original structure of split plugins,
 // in order to facilitate backports to 2.x.  TODO: remove after 5.0 release
-for (String module : ['', 'license-plugin/', 'shield/', 'watcher/', 'marvel/', 'graph/']) {
+for (String module : ['', 'license-plugin/', 'security/', 'watcher/', 'marvel/', 'graph/']) {
   sourceSets {
     main {
       java.srcDir("${module}src/main/java")
@@ -116,10 +116,10 @@ bundlePlugin {
   from('bin/x-pack') {
     into 'bin'
   }
-  from('shield/bin/x-pack') {
+  from('security/bin/x-pack') {
     into 'bin'
   }
-  from('shield/config/x-pack') {
+  from('security/config/x-pack') {
     into 'config'
   }
   from('watcher/bin/x-pack') {
diff --git a/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java b/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java
index cb25cdae64c..26c7e77394d 100644
--- a/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java
+++ b/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java
@@ -22,7 +22,7 @@ import org.elasticsearch.script.NativeScriptFactory;
 import org.elasticsearch.script.Script;
 import org.elasticsearch.script.ScriptModule;
 import org.elasticsearch.script.ScriptService.ScriptType;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESSingleNodeTestCase;
 import org.elasticsearch.xpack.watcher.Watcher;
 import org.elasticsearch.xpack.XPackPlugin;
@@ -127,7 +127,7 @@ public class GraphTests extends ESSingleNodeTestCase {
     
     @Override
     public Settings nodeSettings()  {
-        // Disable Shield otherwise authentication failures happen creating indices. 
+        // Disable security otherwise authentication failures happen creating indices.
         Builder newSettings = Settings.builder();
         newSettings.put(XPackPlugin.featureEnabledSetting(Security.NAME), false);
         newSettings.put(XPackPlugin.featureEnabledSetting(Monitoring.NAME), false);
diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java
index 6b5134d2caa..e3758326bd5 100644
--- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java
+++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java
@@ -25,7 +25,7 @@ import org.elasticsearch.license.plugin.core.LicensesMetaData;
 import org.elasticsearch.license.plugin.core.LicensesStatus;
 import org.elasticsearch.marvel.Monitoring;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.InternalTestCluster;
 import org.elasticsearch.xpack.watcher.Watcher;
diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/LicensesTransportTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/LicensesTransportTests.java
index d1ef05defbc..77d76020f88 100644
--- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/LicensesTransportTests.java
+++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/LicensesTransportTests.java
@@ -22,7 +22,7 @@ import org.elasticsearch.license.plugin.core.LicensesStatus;
 import org.elasticsearch.marvel.Monitoring;
 import org.elasticsearch.node.Node;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESSingleNodeTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.xpack.watcher.Watcher;
diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java
index 6e48dece27e..9cb295c296c 100644
--- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java
+++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java
@@ -23,7 +23,7 @@ import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing;
 import org.elasticsearch.marvel.Monitoring;
 import org.elasticsearch.node.Node;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.ESIntegTestCase.Scope;
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java
index cd444432395..3c05ac1f3e3 100644
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java
+++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java
@@ -17,7 +17,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 
 import java.util.ArrayList;
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java
index cff6259308a..5ed72507774 100644
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java
+++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java
@@ -20,7 +20,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 
 import java.util.ArrayList;
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java
index fcd04dabd39..0abee0c0bc9 100644
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java
+++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java
@@ -17,8 +17,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.InternalClient;
+import org.elasticsearch.xpack.security.Security;
 
 import java.util.ArrayList;
 import java.util.Arrays;
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java
index 367b830fb0d..6a6db850587 100644
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java
+++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java
@@ -19,8 +19,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.InternalClient;
+import org.elasticsearch.xpack.security.Security;
 
 import java.util.ArrayList;
 import java.util.Arrays;
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java
index 170e230ff0a..7efa8006a15 100644
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java
+++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java
@@ -17,8 +17,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.InternalClient;
+import org.elasticsearch.xpack.security.Security;
 
 import java.util.Arrays;
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java
index 680596fdf1c..83d6196ef8b 100644
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java
+++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java
@@ -21,7 +21,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 
 import java.util.Collection;
 import java.util.Collections;
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/support/init/proxy/MonitoringClientProxy.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/support/init/proxy/MonitoringClientProxy.java
index 4c7c6bc53ea..c38d84ac5ba 100644
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/support/init/proxy/MonitoringClientProxy.java
+++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/support/init/proxy/MonitoringClientProxy.java
@@ -6,7 +6,7 @@
 package org.elasticsearch.marvel.support.init.proxy;
 
 import org.elasticsearch.client.Client;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.xpack.common.init.proxy.ClientProxy;
 
 public class MonitoringClientProxy extends ClientProxy {
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java
index ff72a714fc7..44ed5fe2457 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java
+++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java
@@ -26,7 +26,7 @@ import org.elasticsearch.license.plugin.core.LicensesManagerService;
 import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.test.MarvelIntegTestCase;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.xpack.XPackPlugin;
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java
index 84ee2b73585..49f177354e7 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java
+++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java
@@ -45,7 +45,7 @@ public class IndicesStatsCollectorTests extends AbstractCollectorTestCase {
         waitForNoBlocksOnNode(node);
 
         try {
-            assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(shieldEnabled ? 0 : 1));
+            assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(securityEnabled ? 0 : 1));
         } catch (IndexNotFoundException e) {
             fail("IndexNotFoundException has been thrown but it should have been swallowed by the collector");
         }
@@ -56,7 +56,7 @@ public class IndicesStatsCollectorTests extends AbstractCollectorTestCase {
         waitForNoBlocksOnNode(node);
 
         try {
-            assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(shieldEnabled ? 0 : 1));
+            assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(securityEnabled ? 0 : 1));
         } catch (IndexNotFoundException e) {
             fail("IndexNotFoundException has been thrown but it should have been swallowed by the collector");
         }
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java
index c30c83602a8..50e94c6aa5a 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java
+++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java
@@ -16,7 +16,7 @@ import org.elasticsearch.marvel.MonitoredSystem;
 import org.elasticsearch.marvel.agent.collector.AbstractCollectorTestCase;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/local/LocalIndicesCleanerTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/local/LocalIndicesCleanerTests.java
index af663ace001..d36ea8f10c2 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/local/LocalIndicesCleanerTests.java
+++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/local/LocalIndicesCleanerTests.java
@@ -50,7 +50,7 @@ public class LocalIndicesCleanerTests extends AbstractIndicesCleanerTestCase {
             try {
                 assertThat(client().admin().indices().prepareGetSettings().get().getIndexToSettings().size(), equalTo(count));
             } catch (IndexNotFoundException e) {
-                if (shieldEnabled) {
+                if (securityEnabled) {
                     assertThat(0, equalTo(count));
                 } else {
                     throw e;
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/shield/MarvelInternalClientTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelInternalClientTests.java
similarity index 97%
rename from elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/shield/MarvelInternalClientTests.java
rename to elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelInternalClientTests.java
index 4a51d2d28c0..3727e937679 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/shield/MarvelInternalClientTests.java
+++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelInternalClientTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.marvel.shield;
+package org.elasticsearch.marvel.security;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionRequestBuilder;
@@ -13,7 +13,7 @@ import org.elasticsearch.index.IndexNotFoundException;
 import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.test.MarvelIntegTestCase;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 
 import java.util.ArrayList;
 
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/shield/MarvelSettingsFilterTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelSettingsFilterTests.java
similarity index 90%
rename from elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/shield/MarvelSettingsFilterTests.java
rename to elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelSettingsFilterTests.java
index f847966061a..c2f3f185324 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/shield/MarvelSettingsFilterTests.java
+++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelSettingsFilterTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.marvel.shield;
+package org.elasticsearch.marvel.security;
 
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
@@ -13,7 +13,7 @@ import org.elasticsearch.common.xcontent.json.JsonXContent;
 import org.elasticsearch.http.HttpServerTransport;
 import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.test.MarvelIntegTestCase;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.hamcrest.Matchers;
@@ -23,8 +23,8 @@ import java.io.IOException;
 import java.util.Map;
 
 import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.CoreMatchers.nullValue;
 
 public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
@@ -89,9 +89,9 @@ public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
         if (body != null) {
             requestBuilder.body(body);
         }
-        if (shieldEnabled) {
+        if (securityEnabled) {
             requestBuilder.addHeader(BASIC_AUTH_HEADER,
-                    basicAuthHeaderValue(ShieldSettings.TEST_USERNAME, new SecuredString(ShieldSettings.TEST_PASSWORD.toCharArray())));
+                    basicAuthHeaderValue(SecuritySettings.TEST_USERNAME, new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())));
         }
         return requestBuilder.execute();
     }
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java
index 649f26962f3..ef97b11204a 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java
+++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java
@@ -25,12 +25,12 @@ import org.elasticsearch.marvel.agent.resolver.MonitoringIndexNameResolver;
 import org.elasticsearch.marvel.agent.resolver.ResolversRegistry;
 import org.elasticsearch.marvel.client.MonitoringClient;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.TestCluster;
 import org.elasticsearch.test.store.MockFSIndexStore;
@@ -60,7 +60,7 @@ import java.util.function.Function;
 import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.greaterThan;
@@ -77,10 +77,10 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     /**
      * Enables individual tests to control the behavior.
      * <p>
-     * Control this by overriding {@link #enableShield()}, which defaults to enabling it randomly.
+     * Control this by overriding {@link #enableSecurity()}, which defaults to enabling it randomly.
      */
     // SCARY: This needs to be static or lots of tests randomly fail, but it's not used statically!
-    protected static Boolean shieldEnabled;
+    protected static Boolean securityEnabled;
     /**
      * Enables individual tests to control the behavior.
      * <p>
@@ -90,14 +90,14 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
 
     @Override
     protected TestCluster buildTestCluster(Scope scope, long seed) throws IOException {
-        if (shieldEnabled == null) {
-            shieldEnabled = enableShield();
+        if (securityEnabled == null) {
+            securityEnabled = enableSecurity();
         }
         if (watcherEnabled == null) {
             watcherEnabled = enableWatcher();
         }
 
-        logger.debug("--> shield {}", shieldEnabled ? "enabled" : "disabled");
+        logger.debug("--> security {}", securityEnabled ? "enabled" : "disabled");
         logger.debug("--> watcher {}", watcherEnabled ? "enabled" : "disabled");
 
         return super.buildTestCluster(scope, seed);
@@ -111,14 +111,14 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
                 // we do this by default in core, but for monitoring this isn't needed and only adds noise.
                 .put("index.store.mock.check_index_on_close", false);
 
-        ShieldSettings.apply(shieldEnabled, builder);
+        SecuritySettings.apply(securityEnabled, builder);
 
         return builder.build();
     }
 
     @Override
     protected Settings transportClientSettings() {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             return Settings.builder()
                     .put(super.transportClientSettings())
                     .put("client.transport.sniff", false)
@@ -133,8 +133,8 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     @Override
     protected Collection<Class<? extends Plugin>> getMockPlugins() {
         Set<Class<? extends Plugin>> plugins = new HashSet<>(super.getMockPlugins());
-        plugins.remove(MockTransportService.TestPlugin.class); // shield has its own transport service
-        plugins.remove(AssertingLocalTransport.TestPlugin.class); // shield has its own transport
+        plugins.remove(MockTransportService.TestPlugin.class); // security has its own transport service
+        plugins.remove(AssertingLocalTransport.TestPlugin.class); // security has its own transport
         plugins.add(MockFSIndexStore.TestPlugin.class);
         return plugins;
     }
@@ -151,16 +151,16 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
 
     @Override
     protected Function<Client,Client> getClientWrapper() {
-        if (shieldEnabled == false) {
+        if (securityEnabled == false) {
             return Function.identity();
         }
         Map<String, String> headers = Collections.singletonMap("Authorization",
-                basicAuthHeaderValue(ShieldSettings.TEST_USERNAME, new SecuredString(ShieldSettings.TEST_PASSWORD.toCharArray())));
+                basicAuthHeaderValue(SecuritySettings.TEST_USERNAME, new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())));
         return client -> (client instanceof NodeClient) ? client.filterWithHeader(headers) : client;
     }
 
     protected MonitoringClient monitoringClient() {
-        Client client = shieldEnabled ? internalCluster().transportClient() : client();
+        Client client = securityEnabled ? internalCluster().transportClient() : client();
         return randomBoolean() ? new XPackClient(client).monitoring() : new MonitoringClient(client);
     }
 
@@ -184,7 +184,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     /**
      * Override and return {@code false} to force running without Security.
      */
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return randomBoolean();
     }
 
@@ -231,11 +231,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void deleteMarvelIndices() {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 assertAcked(client().admin().indices().prepareDelete(MONITORING_INDICES_PREFIX + "*"));
             } catch (IndexNotFoundException e) {
-                // if shield couldn't resolve any marvel index, it'll throw index not found exception.
+                // if security couldn't resolve any marvel index, it'll throw index not found exception.
             }
         } else {
             assertAcked(client().admin().indices().prepareDelete(MONITORING_INDICES_PREFIX + "*"));
@@ -247,11 +247,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void ensureMarvelIndicesYellow() {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 ensureYellow(".monitoring-es-*");
             } catch (IndexNotFoundException e) {
-                // might happen with shield...
+                // might happen with security...
             }
         } else {
             ensureYellow(".monitoring-es-*");
@@ -266,7 +266,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
             logger.trace("--> searched for [{}] documents, found [{}]", Strings.arrayToCommaDelimitedString(types), count);
             assertThat(count, matcher);
         } catch (IndexNotFoundException e) {
-            if (shieldEnabled) {
+            if (securityEnabled) {
                 assertThat(0L, matcher);
             } else {
                 throw e;
@@ -312,8 +312,8 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
                 try {
                     assertIndicesExists(index);
                 } catch (IndexNotFoundException e) {
-                    if (shieldEnabled) {
-                        // with shield we might get that if wildcards were resolved to no indices
+                    if (securityEnabled) {
+                        // with security we might get that if wildcards were resolved to no indices
                         fail("IndexNotFoundException when checking for existence of index [" + index + "]");
                     } else {
                         throw e;
@@ -336,11 +336,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void securedRefresh() {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 refresh();
             } catch (IndexNotFoundException e) {
-                // with shield we might get that if wildcards were resolved to no indices
+                // with security we might get that if wildcards were resolved to no indices
             }
         } else {
             refresh();
@@ -348,11 +348,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void securedFlush(String... indices) {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 flush(indices);
             } catch (IndexNotFoundException e) {
-                // with shield we might get that if wildcards were resolved to no indices
+                // with security we might get that if wildcards were resolved to no indices
             }
         } else {
             flush(indices);
@@ -360,11 +360,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void securedFlushAndRefresh(String... indices) {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 flushAndRefresh(indices);
             } catch (IndexNotFoundException e) {
-                // with shield we might get that if wildcards were resolved to no indices
+                // with security we might get that if wildcards were resolved to no indices
             }
         } else {
             flushAndRefresh(indices);
@@ -372,11 +372,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void securedEnsureGreen(String... indices) {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 ensureGreen(indices);
             } catch (IndexNotFoundException e) {
-                // with shield we might get that if wildcards were resolved to no indices
+                // with security we might get that if wildcards were resolved to no indices
             }
         } else {
             ensureGreen(indices);
@@ -477,9 +477,9 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
         }
     }
 
-    /** Shield related settings */
+    /** security related settings */
 
-    public static class ShieldSettings {
+    public static class SecuritySettings {
 
         public static final String TEST_USERNAME = "test";
         public static final String TEST_PASSWORD = "changeme";
@@ -528,7 +528,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
                 return;
             }
             try {
-                Path folder = createTempDir().resolve("marvel_shield");
+                Path folder = createTempDir().resolve("marvel_security");
                 Files.createDirectories(folder);
 
                 builder.put("xpack.security.enabled", true)
@@ -541,7 +541,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
                         .put("xpack.security.authc.sign_user_header", false)
                         .put("xpack.security.audit.enabled", auditLogsEnabled);
             } catch (IOException ex) {
-                throw new RuntimeException("failed to build settings for shield", ex);
+                throw new RuntimeException("failed to build settings for security", ex);
             }
         }
 
diff --git a/elasticsearch/x-pack/shield/README.asciidoc b/elasticsearch/x-pack/security/README.asciidoc
similarity index 100%
rename from elasticsearch/x-pack/shield/README.asciidoc
rename to elasticsearch/x-pack/security/README.asciidoc
diff --git a/elasticsearch/x-pack/shield/TESTING.asciidoc b/elasticsearch/x-pack/security/TESTING.asciidoc
similarity index 57%
rename from elasticsearch/x-pack/shield/TESTING.asciidoc
rename to elasticsearch/x-pack/security/TESTING.asciidoc
index 2428d6ff7bc..cef0fa44f9a 100644
--- a/elasticsearch/x-pack/shield/TESTING.asciidoc
+++ b/elasticsearch/x-pack/security/TESTING.asciidoc
@@ -3,29 +3,29 @@
 
 [partintro]
 
-Elasticsearch and Shield use jUnit for testing, they also use randomness
+Elasticsearch and X-Pack use jUnit for testing, they also use randomness
 in the tests, that can be set using a seed, please refer to the
 Elasticsearch TESTING.asciidoc cheatsheet to know all about it.
 
 Tests are executed with network transport and unicast discovery, as this is
-the configuration that's secured by shield.
+the configuration that's secured by X-Pack.
 
 == Testing the REST layer
 
-The available integration tests are specific for Shield functionalities
+The available integration tests are specific for Security functionalities
 and make use of the java API to communicate with the elasticsearch nodes,
 using the internal binary transport (port 9300 by default).
-Shield is also tested using the REST tests provided by Elasticsearch core,
-just by running those same tests against a cluster with Shield installed.
+Security is also tested using the REST tests provided by Elasticsearch core,
+just by running those same tests against a cluster with X-Pack installed.
 
 The REST tests are run automatically during the integration test phase
-(`mvn verify`). Some tests are blacklisted as they are known to fail against 
-shield due to different behaviours introduced by the security plugin.
+(`gradle integTest`). Some tests are blacklisted as they are known to fail against
+X-Pack due to different behaviours introduced by the security plugin.
 
 ---------------------------------------------------------------------------
-mvn verify
+gradle integTest
 ---------------------------------------------------------------------------
 
-`ShieldRestIT` is the executable test class that runs all the
+`XPackRestIT` is the executable test class that runs all the
 yaml suites available within the `rest-api-spec` folder.
 
diff --git a/elasticsearch/x-pack/shield/bin/x-pack/syskeygen b/elasticsearch/x-pack/security/bin/x-pack/syskeygen
similarity index 96%
rename from elasticsearch/x-pack/shield/bin/x-pack/syskeygen
rename to elasticsearch/x-pack/security/bin/x-pack/syskeygen
index aaf2da9ab8f..45115b9acab 100755
--- a/elasticsearch/x-pack/shield/bin/x-pack/syskeygen
+++ b/elasticsearch/x-pack/security/bin/x-pack/syskeygen
@@ -72,7 +72,7 @@ fi
 
 export HOSTNAME=`hostname -s`
 
-# include shield jars in classpath
+# include x-pack jars in classpath
 ES_CLASSPATH="$ES_CLASSPATH:$ES_HOME/plugins/x-pack/*"
 
 # don't let JAVA_TOOL_OPTIONS slip in (e.g. crazy agents in ubuntu)
@@ -96,7 +96,7 @@ if [ -e "$CONF_DIR" ]; then
 fi
 
 cd "$ES_HOME" > /dev/null
-"$JAVA" $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -cp "$ES_CLASSPATH" org.elasticsearch.shield.crypto.tool.SystemKeyTool $properties "{args[@]}"
+"$JAVA" $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -cp "$ES_CLASSPATH" org.elasticsearch.xpack.security.crypto.tool.SystemKeyTool $properties "{args[@]}"
 status=$?
 cd - > /dev/null
 exit $status
diff --git a/elasticsearch/x-pack/shield/bin/x-pack/syskeygen.bat b/elasticsearch/x-pack/security/bin/x-pack/syskeygen.bat
similarity index 76%
rename from elasticsearch/x-pack/shield/bin/x-pack/syskeygen.bat
rename to elasticsearch/x-pack/security/bin/x-pack/syskeygen.bat
index 5eccb21346d..74f2d46bd24 100644
--- a/elasticsearch/x-pack/shield/bin/x-pack/syskeygen.bat
+++ b/elasticsearch/x-pack/security/bin/x-pack/syskeygen.bat
@@ -5,5 +5,5 @@ rem or more contributor license agreements. Licensed under the Elastic License;
 rem you may not use this file except in compliance with the Elastic License.
 
 PUSHD "%~dp0"
-CALL "%~dp0.in.bat" org.elasticsearch.shield.crypto.tool.SystemKeyTool %*
+CALL "%~dp0.in.bat" org.elasticsearch.xpack.security.crypto.tool.SystemKeyTool %*
 POPD
\ No newline at end of file
diff --git a/elasticsearch/x-pack/shield/bin/x-pack/users b/elasticsearch/x-pack/security/bin/x-pack/users
similarity index 96%
rename from elasticsearch/x-pack/shield/bin/x-pack/users
rename to elasticsearch/x-pack/security/bin/x-pack/users
index 8efde509c3e..2018273bc1a 100755
--- a/elasticsearch/x-pack/shield/bin/x-pack/users
+++ b/elasticsearch/x-pack/security/bin/x-pack/users
@@ -72,7 +72,7 @@ fi
 
 export HOSTNAME=`hostname -s`
 
-# include shield jars in classpath
+# include x-pack jars in classpath
 ES_CLASSPATH="$ES_CLASSPATH:$ES_HOME/plugins/x-pack/*"
 
 # don't let JAVA_TOOL_OPTIONS slip in (e.g. crazy agents in ubuntu)
@@ -96,7 +96,7 @@ if [ -e "$CONF_DIR" ]; then
 fi
 
 cd "$ES_HOME" > /dev/null
-"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.shield.authc.file.tool.UsersTool "${args[@]}"
+"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.xpack.security.authc.file.tool.UsersTool "${args[@]}"
 status=$?
 cd - > /dev/null
 exit $status
diff --git a/elasticsearch/x-pack/shield/bin/x-pack/users.bat b/elasticsearch/x-pack/security/bin/x-pack/users.bat
similarity index 76%
rename from elasticsearch/x-pack/shield/bin/x-pack/users.bat
rename to elasticsearch/x-pack/security/bin/x-pack/users.bat
index 5a9d3d6f39c..e2ac1d594bc 100644
--- a/elasticsearch/x-pack/shield/bin/x-pack/users.bat
+++ b/elasticsearch/x-pack/security/bin/x-pack/users.bat
@@ -5,5 +5,5 @@ rem or more contributor license agreements. Licensed under the Elastic License;
 rem you may not use this file except in compliance with the Elastic License.
 
 PUSHD "%~dp0"
-CALL "%~dp0.in.bat" org.elasticsearch.shield.authc.file.tool.UsersTool %*
+CALL "%~dp0.in.bat" org.elasticsearch.xpack.security.authc.file.tool.UsersTool %*
 POPD
\ No newline at end of file
diff --git a/elasticsearch/x-pack/shield/config/x-pack/logging.yml b/elasticsearch/x-pack/security/config/x-pack/logging.yml
similarity index 75%
rename from elasticsearch/x-pack/shield/config/x-pack/logging.yml
rename to elasticsearch/x-pack/security/config/x-pack/logging.yml
index 568a81b0307..000ded6bd4a 100644
--- a/elasticsearch/x-pack/shield/config/x-pack/logging.yml
+++ b/elasticsearch/x-pack/security/config/x-pack/logging.yml
@@ -1,8 +1,8 @@
 logger:
-  shield.audit.logfile: INFO, access_log
+  security.audit.logfile: INFO, access_log
 
 additivity:
-  shield.audit.logfile: false
+  security.audit.logfile: false
 
 appender:
 
diff --git a/elasticsearch/x-pack/shield/config/x-pack/role_mapping.yml b/elasticsearch/x-pack/security/config/x-pack/role_mapping.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/config/x-pack/role_mapping.yml
rename to elasticsearch/x-pack/security/config/x-pack/role_mapping.yml
diff --git a/elasticsearch/x-pack/shield/config/x-pack/roles.yml b/elasticsearch/x-pack/security/config/x-pack/roles.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/config/x-pack/roles.yml
rename to elasticsearch/x-pack/security/config/x-pack/roles.yml
diff --git a/elasticsearch/x-pack/shield/config/x-pack/users b/elasticsearch/x-pack/security/config/x-pack/users
similarity index 100%
rename from elasticsearch/x-pack/shield/config/x-pack/users
rename to elasticsearch/x-pack/security/config/x-pack/users
diff --git a/elasticsearch/x-pack/shield/config/x-pack/users_roles b/elasticsearch/x-pack/security/config/x-pack/users_roles
similarity index 100%
rename from elasticsearch/x-pack/shield/config/x-pack/users_roles
rename to elasticsearch/x-pack/security/config/x-pack/users_roles
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/common/network/InetAddressHelper.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/common/network/InetAddressHelper.java
similarity index 100%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/common/network/InetAddressHelper.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/common/network/InetAddressHelper.java
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalClient.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/InternalClient.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalClient.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/InternalClient.java
index f5f889737ea..f9c21d6ba3d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalClient.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/InternalClient.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.Action;
@@ -15,8 +15,8 @@ import org.elasticsearch.client.Client;
 import org.elasticsearch.client.FilterClient;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.user.XPackUser;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.user.XPackUser;
 
 import java.io.IOException;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
similarity index 74%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
index aaa68307b1b..f38a2976c9c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.action.ActionModule;
 import org.elasticsearch.common.Booleans;
@@ -20,68 +20,68 @@ import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.index.IndexModule;
-import org.elasticsearch.shield.action.ShieldActionModule;
-import org.elasticsearch.shield.action.filter.ShieldActionFilter;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
-import org.elasticsearch.shield.action.realm.TransportClearRealmCacheAction;
-import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
-import org.elasticsearch.shield.action.role.DeleteRoleAction;
-import org.elasticsearch.shield.action.role.GetRolesAction;
-import org.elasticsearch.shield.action.role.PutRoleAction;
-import org.elasticsearch.shield.action.role.TransportClearRolesCacheAction;
-import org.elasticsearch.shield.action.role.TransportDeleteRoleAction;
-import org.elasticsearch.shield.action.role.TransportGetRolesAction;
-import org.elasticsearch.shield.action.role.TransportPutRoleAction;
-import org.elasticsearch.shield.action.user.AuthenticateAction;
-import org.elasticsearch.shield.action.user.ChangePasswordAction;
-import org.elasticsearch.shield.action.user.DeleteUserAction;
-import org.elasticsearch.shield.action.user.GetUsersAction;
-import org.elasticsearch.shield.action.user.PutUserAction;
-import org.elasticsearch.shield.action.user.TransportAuthenticateAction;
-import org.elasticsearch.shield.action.user.TransportChangePasswordAction;
-import org.elasticsearch.shield.action.user.TransportDeleteUserAction;
-import org.elasticsearch.shield.action.user.TransportGetUsersAction;
-import org.elasticsearch.shield.action.user.TransportPutUserAction;
-import org.elasticsearch.shield.audit.AuditTrailModule;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail;
-import org.elasticsearch.shield.audit.index.IndexNameResolver;
-import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
-import org.elasticsearch.shield.authc.AuthenticationModule;
-import org.elasticsearch.shield.authc.InternalAuthenticationService;
-import org.elasticsearch.shield.authc.Realms;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.authz.AuthorizationModule;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
-import org.elasticsearch.shield.authz.accesscontrol.OptOutQueryCache;
-import org.elasticsearch.shield.authz.accesscontrol.ShieldIndexSearcherWrapper;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.crypto.CryptoModule;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
-import org.elasticsearch.shield.rest.ShieldRestModule;
-import org.elasticsearch.shield.rest.action.RestAuthenticateAction;
-import org.elasticsearch.shield.rest.action.realm.RestClearRealmCacheAction;
-import org.elasticsearch.shield.rest.action.role.RestClearRolesCacheAction;
-import org.elasticsearch.shield.rest.action.role.RestDeleteRoleAction;
-import org.elasticsearch.shield.rest.action.role.RestGetRolesAction;
-import org.elasticsearch.shield.rest.action.role.RestPutRoleAction;
-import org.elasticsearch.shield.rest.action.user.RestChangePasswordAction;
-import org.elasticsearch.shield.rest.action.user.RestDeleteUserAction;
-import org.elasticsearch.shield.rest.action.user.RestGetUsersAction;
-import org.elasticsearch.shield.rest.action.user.RestPutUserAction;
-import org.elasticsearch.shield.ssl.SSLConfiguration;
-import org.elasticsearch.shield.ssl.SSLModule;
-import org.elasticsearch.shield.support.OptionalSettings;
-import org.elasticsearch.shield.transport.ShieldClientTransportService;
-import org.elasticsearch.shield.transport.ShieldServerTransportService;
-import org.elasticsearch.shield.transport.ShieldTransportModule;
-import org.elasticsearch.shield.transport.filter.IPFilter;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.shield.user.AnonymousUser;
+import org.elasticsearch.xpack.security.action.SecurityActionModule;
+import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheAction;
+import org.elasticsearch.xpack.security.action.realm.TransportClearRealmCacheAction;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheAction;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleAction;
+import org.elasticsearch.xpack.security.action.role.GetRolesAction;
+import org.elasticsearch.xpack.security.action.role.PutRoleAction;
+import org.elasticsearch.xpack.security.action.role.TransportClearRolesCacheAction;
+import org.elasticsearch.xpack.security.action.role.TransportDeleteRoleAction;
+import org.elasticsearch.xpack.security.action.role.TransportGetRolesAction;
+import org.elasticsearch.xpack.security.action.role.TransportPutRoleAction;
+import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordAction;
+import org.elasticsearch.xpack.security.action.user.DeleteUserAction;
+import org.elasticsearch.xpack.security.action.user.GetUsersAction;
+import org.elasticsearch.xpack.security.action.user.PutUserAction;
+import org.elasticsearch.xpack.security.action.user.TransportAuthenticateAction;
+import org.elasticsearch.xpack.security.action.user.TransportChangePasswordAction;
+import org.elasticsearch.xpack.security.action.user.TransportDeleteUserAction;
+import org.elasticsearch.xpack.security.action.user.TransportGetUsersAction;
+import org.elasticsearch.xpack.security.action.user.TransportPutUserAction;
+import org.elasticsearch.xpack.security.audit.AuditTrailModule;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
+import org.elasticsearch.xpack.security.audit.index.IndexNameResolver;
+import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
+import org.elasticsearch.xpack.security.authc.AuthenticationModule;
+import org.elasticsearch.xpack.security.authc.InternalAuthenticationService;
+import org.elasticsearch.xpack.security.authc.Realms;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authz.AuthorizationModule;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
+import org.elasticsearch.xpack.security.authz.accesscontrol.OptOutQueryCache;
+import org.elasticsearch.xpack.security.authz.accesscontrol.SecurityIndexSearcherWrapper;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.crypto.CryptoModule;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.rest.SecurityRestModule;
+import org.elasticsearch.xpack.security.rest.action.RestAuthenticateAction;
+import org.elasticsearch.xpack.security.rest.action.realm.RestClearRealmCacheAction;
+import org.elasticsearch.xpack.security.rest.action.role.RestClearRolesCacheAction;
+import org.elasticsearch.xpack.security.rest.action.role.RestDeleteRoleAction;
+import org.elasticsearch.xpack.security.rest.action.role.RestGetRolesAction;
+import org.elasticsearch.xpack.security.rest.action.role.RestPutRoleAction;
+import org.elasticsearch.xpack.security.rest.action.user.RestChangePasswordAction;
+import org.elasticsearch.xpack.security.rest.action.user.RestDeleteUserAction;
+import org.elasticsearch.xpack.security.rest.action.user.RestGetUsersAction;
+import org.elasticsearch.xpack.security.rest.action.user.RestPutUserAction;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration;
+import org.elasticsearch.xpack.security.ssl.SSLModule;
+import org.elasticsearch.xpack.security.support.OptionalSettings;
+import org.elasticsearch.xpack.security.transport.SecurityClientTransportService;
+import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
+import org.elasticsearch.xpack.security.transport.SecurityTransportModule;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
@@ -104,7 +104,6 @@ public class Security {
 
     public static final String NAME = "security";
     public static final String DLS_FLS_FEATURE = "security.dls_fls";
-    public static final String OPT_OUT_QUERY_CACHE = "opt_out_cache";
     public static final Setting<Optional<String>> USER_SETTING = OptionalSettings.createString(setting("user"), Property.NodeScope);
 
     private final Settings settings;
@@ -129,7 +128,7 @@ public class Security {
                 return modules;
             }
             modules.add(new SecurityModule(settings, securityLicenseState));
-            modules.add(new ShieldTransportModule(settings));
+            modules.add(new SecurityTransportModule(settings));
             modules.add(new SSLModule(settings));
             return modules;
         }
@@ -148,9 +147,9 @@ public class Security {
         modules.add(new CryptoModule(settings));
         modules.add(new AuthorizationModule(settings));
         modules.add(new AuditTrailModule(settings));
-        modules.add(new ShieldRestModule(settings));
-        modules.add(new ShieldActionModule(settings));
-        modules.add(new ShieldTransportModule(settings));
+        modules.add(new SecurityRestModule(settings));
+        modules.add(new SecurityActionModule(settings));
+        modules.add(new SecurityTransportModule(settings));
         modules.add(new SSLModule(settings));
         return modules;
     }
@@ -181,7 +180,7 @@ public class Security {
         settingsBuilder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME);
         settingsBuilder.put(NetworkModule.TRANSPORT_SERVICE_TYPE_KEY, Security.NAME);
         settingsBuilder.put(NetworkModule.HTTP_TYPE_SETTING.getKey(), Security.NAME);
-        ShieldNettyHttpServerTransport.overrideSettings(settingsBuilder, settings);
+        SecurityNettyHttpServerTransport.overrideSettings(settingsBuilder, settings);
         addUserSettings(settingsBuilder);
         addTribeSettings(settingsBuilder);
         return settingsBuilder.build();
@@ -197,7 +196,7 @@ public class Security {
         SSLConfiguration.Global.addSettings(settingsList);
 
         // transport settings
-        ShieldNettyTransport.addSettings(settingsList);
+        SecurityNettyTransport.addSettings(settingsList);
 
         if (transportClientMode) {
             return settingsList;
@@ -222,7 +221,7 @@ public class Security {
         InternalAuthorizationService.addSettings(settingsList);
 
         // HTTP settings
-        ShieldNettyHttpServerTransport.addSettings(settingsList);
+        SecurityNettyHttpServerTransport.addSettings(settingsList);
 
         // encryption settings
         InternalCryptoService.addSettings(settingsList);
@@ -260,13 +259,13 @@ public class Security {
 
         assert securityLicenseState != null;
         if (flsDlsEnabled(settings)) {
-            module.setSearcherWrapper((indexService) -> new ShieldIndexSearcherWrapper(indexService.getIndexSettings(),
+            module.setSearcherWrapper((indexService) -> new SecurityIndexSearcherWrapper(indexService.getIndexSettings(),
                     indexService.newQueryShardContext(), indexService.mapperService(),
                     indexService.cache().bitsetFilterCache(), indexService.getIndexServices().getThreadPool().getThreadContext(),
                     securityLicenseState));
         }
         if (transportClientMode == false) {
-            /*  We need to forcefully overwrite the query cache implementation to use Shield's opt out query cache implementation.
+            /*  We need to forcefully overwrite the query cache implementation to use security's opt out query cache implementation.
              *  This impl. disabled the query cache if field level security is used for a particular request. If we wouldn't do
              *  forcefully overwrite the query cache implementation then we leave the system vulnerable to leakages of data to
              *  unauthorized users. */
@@ -280,10 +279,10 @@ public class Security {
         }
         // registering the security filter only for nodes
         if (transportClientMode == false) {
-            module.registerFilter(ShieldActionFilter.class);
+            module.registerFilter(SecurityActionFilter.class);
         }
 
-        // registering all shield actions
+        // registering all security actions
         module.registerAction(ClearRealmCacheAction.INSTANCE, TransportClearRealmCacheAction.class);
         module.registerAction(ClearRolesCacheAction.INSTANCE, TransportClearRolesCacheAction.class);
         module.registerAction(GetUsersAction.INSTANCE, TransportGetUsersAction.class);
@@ -300,15 +299,15 @@ public class Security {
 
         if (transportClientMode) {
             if (enabled) {
-                module.registerTransport(Security.NAME, ShieldNettyTransport.class);
-                module.registerTransportService(Security.NAME, ShieldClientTransportService.class);
+                module.registerTransport(Security.NAME, SecurityNettyTransport.class);
+                module.registerTransportService(Security.NAME, SecurityClientTransportService.class);
             }
             return;
         }
 
         if (enabled) {
-            module.registerTransport(Security.NAME, ShieldNettyTransport.class);
-            module.registerTransportService(Security.NAME, ShieldServerTransportService.class);
+            module.registerTransport(Security.NAME, SecurityNettyTransport.class);
+            module.registerTransportService(Security.NAME, SecurityServerTransportService.class);
             module.registerRestHandler(RestAuthenticateAction.class);
             module.registerRestHandler(RestClearRealmCacheAction.class);
             module.registerRestHandler(RestClearRolesCacheAction.class);
@@ -319,7 +318,7 @@ public class Security {
             module.registerRestHandler(RestPutRoleAction.class);
             module.registerRestHandler(RestDeleteRoleAction.class);
             module.registerRestHandler(RestChangePasswordAction.class);
-            module.registerHttpTransport(Security.NAME, ShieldNettyHttpServerTransport.class);
+            module.registerHttpTransport(Security.NAME, SecurityNettyHttpServerTransport.class);
         }
     }
 
@@ -344,12 +343,12 @@ public class Security {
 
     /**
      * If the current node is a tribe node, we inject additional settings on each tribe client. We do this to make sure
-     * that every tribe cluster has shield installed and is enabled. We do that by:
+     * that every tribe cluster has x-pack installed and security is enabled. We do that by:
      *
-     *    - making it mandatory on the tribe client (this means that the tribe node will fail at startup if shield is
+     *    - making it mandatory on the tribe client (this means that the tribe node will fail at startup if x-pack is
      *      not loaded on any tribe due to missing mandatory plugin)
      *
-     *    - forcibly enabling it (that means it's not possible to disable shield on the tribe clients)
+     *    - forcibly enabling it (that means it's not possible to disable security on the tribe clients)
      */
     private void addTribeSettings(Settings.Builder settingsBuilder) {
         Map<String, Settings> tribesSettings = settings.getGroups("tribe", true);
@@ -366,7 +365,7 @@ public class Security {
             // otherwise (arrays don't get merged)
             String[] existingMandatoryPlugins = tribeSettings.getValue().getAsArray("plugin.mandatory", null);
             if (existingMandatoryPlugins == null) {
-                //shield is mandatory on every tribe if installed and enabled on the tribe node
+                //x-pack is mandatory on every tribe if installed and enabled on the tribe node
                 settingsBuilder.putArray(tribePrefix + "plugin.mandatory", XPackPlugin.NAME);
             } else {
                 if (Arrays.binarySearch(existingMandatoryPlugins, XPackPlugin.NAME) < 0) {
@@ -383,11 +382,11 @@ public class Security {
                             + settings.get(tribeEnabledSetting) + "]");
                 }
             } else {
-                //shield must be enabled on every tribe if it's enabled on the tribe node
+                //x-pack security must be enabled on every tribe if it's enabled on the tribe node
                 settingsBuilder.put(tribeEnabledSetting, true);
             }
 
-            // we passed all the checks now we need to copy in all of the shield settings
+            // we passed all the checks now we need to copy in all of the x-pack security settings
             for (Map.Entry<String, String> entry : settingsMap.entrySet()) {
                 String key = entry.getKey();
                 if (key.startsWith("xpack.security.")) {
@@ -433,7 +432,7 @@ public class Security {
         final String auditIndex = indexAuditingEnabled ? "," + IndexAuditTrail.INDEX_NAME_PREFIX + "*" : "";
         String errorMessage = LoggerMessageFormat.format("the [action.auto_create_index] setting value [{}] is too" +
                 " restrictive. disable [action.auto_create_index] or set it to " +
-                "[{}{}]", (Object) value, ShieldTemplateService.SECURITY_INDEX_NAME, auditIndex);
+                "[{}{}]", (Object) value, SecurityTemplateService.SECURITY_INDEX_NAME, auditIndex);
         if (Booleans.isExplicitFalse(value)) {
             throw new IllegalArgumentException(errorMessage);
         }
@@ -444,7 +443,7 @@ public class Security {
 
         String[] matches = Strings.commaDelimitedListToStringArray(value);
         List<String> indices = new ArrayList<>();
-        indices.add(ShieldTemplateService.SECURITY_INDEX_NAME);
+        indices.add(SecurityTemplateService.SECURITY_INDEX_NAME);
         if (indexAuditingEnabled) {
             DateTime now = new DateTime(DateTimeZone.UTC);
             // just use daily rollover
@@ -487,7 +486,7 @@ public class Security {
             logger.warn("the [action.auto_create_index] setting is configured to be restrictive [{}]. " +
                     " for the next 6 months audit indices are allowed to be created, but please make sure" +
                     " that any future history indices after 6 months with the pattern " +
-                    "[.shield_audit_log*] are allowed to be created", value);
+                    "[.security_audit_log*] are allowed to be created", value);
         }
     }
 }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityContext.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityContext.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java
index 4a5e82ead7c..090cdebc455 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityContext.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java
@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.threadpool.ThreadPool;
 
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityFeatureSet.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityFeatureSet.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java
index d721531659e..ee09a04cf67 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityFeatureSet.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.inject.Inject;
@@ -13,9 +13,9 @@ import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.io.stream.Writeable;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.XContentBuilder;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.Realms;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.Realms;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
 import org.elasticsearch.xpack.XPackFeatureSet;
 
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityLicenseState.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLicenseState.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityLicenseState.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLicenseState.java
index d0300885aa5..b62f2f6275d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityLicenseState.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLicenseState.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.license.core.License.OperationMode;
 import org.elasticsearch.license.plugin.core.LicenseState;
@@ -11,7 +11,7 @@ import org.elasticsearch.license.plugin.core.Licensee.Status;
 
 
 /**
- * This class serves to decouple shield code that needs to check the license state from the {@link SecurityLicensee} as the
+ * This class serves to decouple security code that needs to check the license state from the {@link SecurityLicensee} as the
  * tight coupling causes issues with guice injection and circular dependencies
  */
 public class SecurityLicenseState {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityLicensee.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLicensee.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityLicensee.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLicensee.java
index d275b6b7ada..95d9d8e5864 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityLicensee.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLicensee.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Strings;
@@ -20,19 +20,19 @@ import org.elasticsearch.license.plugin.core.LicenseeRegistry;
 public class SecurityLicensee extends AbstractLicenseeComponent<SecurityLicensee> implements Licensee {
 
     private final boolean isTribeNode;
-    private final SecurityLicenseState shieldLicenseState;
+    private final SecurityLicenseState securityLicenseState;
 
     @Inject
-    public SecurityLicensee(Settings settings, LicenseeRegistry clientService, SecurityLicenseState shieldLicenseState) {
+    public SecurityLicensee(Settings settings, LicenseeRegistry clientService, SecurityLicenseState securityLicenseState) {
         super(settings, Security.NAME, clientService);
-        this.shieldLicenseState = shieldLicenseState;
+        this.securityLicenseState = securityLicenseState;
         this.isTribeNode = settings.getGroups("tribe", true).isEmpty() == false;
     }
 
     @Override
     public void onChange(Status status) {
         super.onChange(status);
-        shieldLicenseState.updateStatus(status);
+        securityLicenseState.updateStatus(status);
     }
 
     @Override
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldLifecycleService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLifecycleService.java
similarity index 84%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldLifecycleService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLifecycleService.java
index d8c4a5b75b0..f174df21d52 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldLifecycleService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLifecycleService.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.cluster.ClusterChangedEvent;
 import org.elasticsearch.cluster.service.ClusterService;
@@ -14,10 +14,10 @@ import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.inject.Provider;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.AbstractRunnable;
-import org.elasticsearch.shield.audit.AuditTrailModule;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.audit.AuditTrailModule;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
 import org.elasticsearch.threadpool.ThreadPool;
 
 /**
@@ -31,7 +31,7 @@ import org.elasticsearch.threadpool.ThreadPool;
  * successful. This lifecycle service allows for this to happen by listening for {@link ClusterChangedEvent} and checking
  * if the services can start. Additionally, the service also provides hooks for stop and close functionality.
  */
-public class ShieldLifecycleService extends AbstractComponent implements ClusterStateListener {
+public class SecurityLifecycleService extends AbstractComponent implements ClusterStateListener {
 
     private final Settings settings;
     private final ThreadPool threadPool;
@@ -40,9 +40,9 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
     private final NativeRolesStore nativeRolesStore;
 
     @Inject
-    public ShieldLifecycleService(Settings settings, ClusterService clusterService, ThreadPool threadPool,
-                                  IndexAuditTrail indexAuditTrail, NativeUsersStore nativeUserStore,
-                                  NativeRolesStore nativeRolesStore, Provider<InternalClient> clientProvider) {
+    public SecurityLifecycleService(Settings settings, ClusterService clusterService, ThreadPool threadPool,
+                                    IndexAuditTrail indexAuditTrail, NativeUsersStore nativeUserStore,
+                                    NativeRolesStore nativeRolesStore, Provider<InternalClient> clientProvider) {
         super(settings);
         this.settings = settings;
         this.threadPool = threadPool;
@@ -54,7 +54,7 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
         clusterService.add(this);
         clusterService.add(nativeUserStore);
         clusterService.add(nativeRolesStore);
-        clusterService.add(new ShieldTemplateService(settings, clusterService, clientProvider, threadPool));
+        clusterService.add(new SecurityTemplateService(settings, clusterService, clientProvider, threadPool));
         clusterService.addLifecycleListener(new LifecycleListener() {
 
             @Override
@@ -78,7 +78,7 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
                     @Override
                     public void onFailure(Throwable throwable) {
                         logger.error("failed to start native user store service", throwable);
-                        assert false : "shield lifecycle services startup failed";
+                        assert false : "security lifecycle services startup failed";
                     }
 
                     @Override
@@ -97,7 +97,7 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
                     @Override
                     public void onFailure(Throwable throwable) {
                         logger.error("failed to start native roles store services", throwable);
-                        assert false : "shield lifecycle services startup failed";
+                        assert false : "security lifecycle services startup failed";
                     }
 
                     @Override
@@ -119,7 +119,7 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
                         @Override
                         public void onFailure(Throwable throwable) {
                             logger.error("failed to start index audit trail services", throwable);
-                            assert false : "shield lifecycle services startup failed";
+                            assert false : "security lifecycle services startup failed";
                         }
 
                         @Override
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityModule.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityModule.java
index cdfd0121d34..acff075a3ef 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/SecurityModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityModule.java
@@ -3,17 +3,17 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.support.AbstractShieldModule;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 import org.elasticsearch.xpack.XPackPlugin;
 
 /**
  *
  */
-public class SecurityModule extends AbstractShieldModule {
+public class SecurityModule extends AbstractSecurityModule {
 
     private final SecurityLicenseState securityLicenseState;
 
@@ -36,10 +36,10 @@ public class SecurityModule extends AbstractShieldModule {
 
         XPackPlugin.bindFeatureSet(binder(), SecurityFeatureSet.class);
 
-        if (shieldEnabled) {
+        if (securityEnabled) {
             bind(SecurityContext.Secure.class).asEagerSingleton();
             bind(SecurityContext.class).to(SecurityContext.Secure.class);
-            bind(ShieldLifecycleService.class).asEagerSingleton();
+            bind(SecurityLifecycleService.class).asEagerSingleton();
             bind(InternalClient.Secure.class).asEagerSingleton();
             bind(InternalClient.class).to(InternalClient.Secure.class);
         } else {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldTemplateService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java
similarity index 80%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldTemplateService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java
index 1324beced4e..eef53799cf2 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldTemplateService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest;
@@ -28,10 +28,10 @@ import java.io.InputStream;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
- * ShieldTemplateService is responsible for adding the template needed for the
+ * SecurityTemplateService is responsible for adding the template needed for the
  * {@code .security} administrative index.
  */
-public class ShieldTemplateService extends AbstractComponent implements ClusterStateListener {
+public class SecurityTemplateService extends AbstractComponent implements ClusterStateListener {
 
     public static final String SECURITY_INDEX_NAME = ".security";
     public static final String SECURITY_TEMPLATE_NAME = "security-index-template";
@@ -40,31 +40,31 @@ public class ShieldTemplateService extends AbstractComponent implements ClusterS
     private final Provider<InternalClient> clientProvider;
     private final AtomicBoolean templateCreationPending = new AtomicBoolean(false);
 
-    public ShieldTemplateService(Settings settings, ClusterService clusterService,
-            Provider<InternalClient> clientProvider, ThreadPool threadPool) {
+    public SecurityTemplateService(Settings settings, ClusterService clusterService,
+                                   Provider<InternalClient> clientProvider, ThreadPool threadPool) {
         super(settings);
         this.threadPool = threadPool;
         this.clientProvider = clientProvider;
         clusterService.add(this);
     }
 
-    private void createShieldTemplate() {
+    private void createSecurityTemplate() {
         final Client client = clientProvider.get();
         try (InputStream is = getClass().getResourceAsStream("/" + SECURITY_TEMPLATE_NAME + ".json")) {
             ByteArrayOutputStream out = new ByteArrayOutputStream();
             Streams.copy(is, out);
             final byte[] template = out.toByteArray();
-            logger.debug("putting the shield index template");
+            logger.debug("putting the security index template");
             PutIndexTemplateRequest putTemplateRequest = client.admin().indices()
                     .preparePutTemplate(SECURITY_TEMPLATE_NAME).setSource(template).request();
             PutIndexTemplateResponse templateResponse = client.admin().indices().putTemplate(putTemplateRequest).get();
             if (templateResponse.isAcknowledged() == false) {
-                throw new ElasticsearchException("adding template for shield admin index was not acknowledged");
+                throw new ElasticsearchException("adding template for security index was not acknowledged");
             }
         } catch (Exception e) {
-            logger.error("failed to create shield admin index template [{}]",
+            logger.error("failed to create security index template [{}]",
                     e, SECURITY_INDEX_NAME);
-            throw new IllegalStateException("failed to create shield admin index template [" +
+            throw new IllegalStateException("failed to create security index template [" +
                     SECURITY_INDEX_NAME + "]", e);
         }
     }
@@ -72,15 +72,15 @@ public class ShieldTemplateService extends AbstractComponent implements ClusterS
     @Override
     public void clusterChanged(ClusterChangedEvent event) {
         if (event.state().blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
-            // wait until the gateway has recovered from disk, otherwise we think may not have .shield-audit-
+            // wait until the gateway has recovered from disk, otherwise we think may not have .security-audit-
             // but they may not have been restored from the cluster state on disk
             logger.debug("template service waiting until state has been recovered");
             return;
         }
         
-        IndexRoutingTable shieldIndexRouting = event.state().routingTable().index(SECURITY_INDEX_NAME);
+        IndexRoutingTable securityIndexRouting = event.state().routingTable().index(SECURITY_INDEX_NAME);
 
-        if (shieldIndexRouting == null) {
+        if (securityIndexRouting == null) {
             if (event.localNodeMaster()) {
                 ClusterState state = event.state();
                 // TODO for the future need to add some checking in the event the template needs to be updated...
@@ -91,14 +91,14 @@ public class ShieldTemplateService extends AbstractComponent implements ClusterS
                     threadPool.generic().execute(new AbstractRunnable() {
                         @Override
                         public void onFailure(Throwable t) {
-                            logger.warn("failed to create shield admin template", t);
+                            logger.warn("failed to create security index template", t);
                             templateCreationPending.set(false);
                         }
 
                         @Override
                         protected void doRun() throws Exception {
                             if (createTemplate) {
-                                createShieldTemplate();
+                                createSecurityTemplate();
                             }
                             templateCreationPending.set(false);
                         }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionMapper.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionMapper.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionMapper.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionMapper.java
index 871d9d2ef7f..409317bbf89 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionMapper.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionMapper.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action;
+package org.elasticsearch.xpack.security.action;
 
 import org.elasticsearch.action.admin.indices.analyze.AnalyzeAction;
 import org.elasticsearch.action.admin.indices.analyze.AnalyzeRequest;
@@ -12,18 +12,18 @@ import org.elasticsearch.action.search.ClearScrollRequest;
 import org.elasticsearch.transport.TransportRequest;
 
 /**
- * This class analyzes an incoming request and its action name, and returns the shield action name for it.
+ * This class analyzes an incoming request and its action name, and returns the security action name for it.
  * In many cases the action name is the same as the original one used in es core, but in some exceptional cases it might need
  * to be converted. For instance a clear_scroll that targets all opened scrolls gets converted to a different action that requires
  * cluster privileges instead of the default indices privileges, still valid for clear scrolls that target specific scroll ids.
  */
-public class ShieldActionMapper {
+public class SecurityActionMapper {
 
     static final String CLUSTER_PERMISSION_SCROLL_CLEAR_ALL_NAME = "cluster:admin/indices/scroll/clear_all";
     static final String CLUSTER_PERMISSION_ANALYZE = "cluster:admin/analyze";
 
     /**
-     * Returns the shield specific action name given the incoming action name and request
+     * Returns the security specific action name given the incoming action name and request
      */
     public String action(String action, TransportRequest request) {
         switch (action) {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java
similarity index 54%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java
index d54ca1b89aa..8f6858a18ab 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionModule.java
@@ -3,30 +3,30 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action;
+package org.elasticsearch.xpack.security.action;
 
 import org.elasticsearch.common.inject.multibindings.Multibinder;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.action.filter.ShieldActionFilter;
-import org.elasticsearch.shield.action.interceptor.BulkRequestInterceptor;
-import org.elasticsearch.shield.action.interceptor.FieldStatsRequestInterceptor;
-import org.elasticsearch.shield.action.interceptor.RealtimeRequestInterceptor;
-import org.elasticsearch.shield.action.interceptor.RequestInterceptor;
-import org.elasticsearch.shield.action.interceptor.SearchRequestInterceptor;
-import org.elasticsearch.shield.action.interceptor.UpdateRequestInterceptor;
-import org.elasticsearch.shield.support.AbstractShieldModule;
+import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
+import org.elasticsearch.xpack.security.action.interceptor.BulkRequestInterceptor;
+import org.elasticsearch.xpack.security.action.interceptor.FieldStatsRequestInterceptor;
+import org.elasticsearch.xpack.security.action.interceptor.RealtimeRequestInterceptor;
+import org.elasticsearch.xpack.security.action.interceptor.RequestInterceptor;
+import org.elasticsearch.xpack.security.action.interceptor.SearchRequestInterceptor;
+import org.elasticsearch.xpack.security.action.interceptor.UpdateRequestInterceptor;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 
-public class ShieldActionModule extends AbstractShieldModule.Node {
+public class SecurityActionModule extends AbstractSecurityModule.Node {
 
-    public ShieldActionModule(Settings settings) {
+    public SecurityActionModule(Settings settings) {
         super(settings);
     }
 
     @Override
     protected void configureNode() {
-        bind(ShieldActionMapper.class).asEagerSingleton();
+        bind(SecurityActionMapper.class).asEagerSingleton();
         // we need to ensure that there's only a single instance of the action filters
-        bind(ShieldActionFilter.class).asEagerSingleton();
+        bind(SecurityActionFilter.class).asEagerSingleton();
 
         // TODO: we should move these to action filters and only have 1 chain.
         Multibinder<RequestInterceptor> multibinder
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/filter/ShieldActionFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java
similarity index 80%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/filter/ShieldActionFilter.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java
index 4ff41b15cd0..bafdacac3e3 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/filter/ShieldActionFilter.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.filter;
+package org.elasticsearch.xpack.security.action.filter;
 
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.ActionRequest;
@@ -19,20 +19,20 @@ import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.license.plugin.core.LicenseUtils;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.action.ShieldActionMapper;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.action.interceptor.RequestInterceptor;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.authz.AuthorizationService;
-import org.elasticsearch.shield.authz.AuthorizationUtils;
-import org.elasticsearch.shield.authz.privilege.HealthAndStatsPrivilege;
-import org.elasticsearch.shield.crypto.CryptoService;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.action.SecurityActionMapper;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.action.interceptor.RequestInterceptor;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authz.AuthorizationService;
+import org.elasticsearch.xpack.security.authz.AuthorizationUtils;
+import org.elasticsearch.xpack.security.authz.privilege.HealthAndStatsPrivilege;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.tasks.Task;
 import org.elasticsearch.threadpool.ThreadPool;
 
@@ -42,12 +42,12 @@ import java.util.List;
 import java.util.Set;
 import java.util.function.Predicate;
 
-import static org.elasticsearch.shield.support.Exceptions.authorizationError;
+import static org.elasticsearch.xpack.security.support.Exceptions.authorizationError;
 
 /**
  *
  */
-public class ShieldActionFilter extends AbstractComponent implements ActionFilter {
+public class SecurityActionFilter extends AbstractComponent implements ActionFilter {
 
     private static final Predicate<String> LICENSE_EXPIRATION_ACTION_MATCHER = HealthAndStatsPrivilege.INSTANCE.predicate();
 
@@ -55,17 +55,17 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte
     private final AuthorizationService authzService;
     private final CryptoService cryptoService;
     private final AuditTrail auditTrail;
-    private final ShieldActionMapper actionMapper;
+    private final SecurityActionMapper actionMapper;
     private final Set<RequestInterceptor> requestInterceptors;
     private final SecurityLicenseState licenseState;
     private final ThreadContext threadContext;
     private final SecurityContext securityContext;
 
     @Inject
-    public ShieldActionFilter(Settings settings, AuthenticationService authcService, AuthorizationService authzService,
-                              CryptoService cryptoService, AuditTrail auditTrail, SecurityLicenseState licenseState,
-                              ShieldActionMapper actionMapper,  Set<RequestInterceptor> requestInterceptors, ThreadPool threadPool,
-                              SecurityContext securityContext) {
+    public SecurityActionFilter(Settings settings, AuthenticationService authcService, AuthorizationService authzService,
+                                CryptoService cryptoService, AuditTrail auditTrail, SecurityLicenseState licenseState,
+                                SecurityActionMapper actionMapper, Set<RequestInterceptor> requestInterceptors, ThreadPool threadPool,
+                                SecurityContext securityContext) {
         super(settings);
         this.authcService = authcService;
         this.authzService = authzService;
@@ -82,12 +82,12 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte
     public void apply(Task task, String action, ActionRequest request, ActionListener listener, ActionFilterChain chain) {
 
         /**
-         A functional requirement - when the license of shield is disabled (invalid/expires), shield will continue
+         A functional requirement - when the license of security is disabled (invalid/expires), security will continue
          to operate normally, except all read operations will be blocked.
          */
         if (!licenseState.statsAndHealthEnabled() && LICENSE_EXPIRATION_ACTION_MATCHER.test(action)) {
             logger.error("blocking [{}] operation due to expired license. Cluster health, cluster stats and indices stats \n" +
-                    "operations are blocked on shield license expiration. All data operations (read and write) continue to work. \n" +
+                    "operations are blocked on license expiration. All data operations (read and write) continue to work. \n" +
                     "If you have a new license, please update it. Otherwise, please reach out to your support contact.", action);
             throw LicenseUtils.newComplianceException(Security.NAME);
         }
@@ -136,12 +136,12 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte
          the {@link Rest} filter and the {@link ServerTransport} filter respectively), it's safe to assume a system user
          here if a request is not associated with any other user.
          */
-        final String shieldAction = actionMapper.action(action, request);
-        Authentication authentication = authcService.authenticate(shieldAction, request, SystemUser.INSTANCE);
+        final String securityAction = actionMapper.action(action, request);
+        Authentication authentication = authcService.authenticate(securityAction, request, SystemUser.INSTANCE);
         assert authentication != null;
-        authzService.authorize(authentication, shieldAction, request);
+        authzService.authorize(authentication, securityAction, request);
         final User user = authentication.getUser();
-        request = unsign(user, shieldAction, request);
+        request = unsign(user, securityAction, request);
 
         /*
          * We use a separate concept for code that needs to be run after authentication and authorization that could effect the running of
@@ -205,11 +205,11 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte
 
     static class SigningListener<Response extends ActionResponse> implements ActionListener<Response> {
 
-        private final ShieldActionFilter filter;
+        private final SecurityActionFilter filter;
         private final ActionListener innerListener;
         private final ThreadContext.StoredContext threadContext;
 
-        private SigningListener(ShieldActionFilter filter, ActionListener innerListener,
+        private SigningListener(SecurityActionFilter filter, ActionListener innerListener,
                                 @Nullable ThreadContext.StoredContext threadContext) {
             this.filter = filter;
             this.innerListener = innerListener;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/BulkRequestInterceptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/BulkRequestInterceptor.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/BulkRequestInterceptor.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/BulkRequestInterceptor.java
index ac6130f5bae..ee6db9b477d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/BulkRequestInterceptor.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/BulkRequestInterceptor.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.interceptor;
+package org.elasticsearch.xpack.security.action.interceptor;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.IndicesRequest;
@@ -14,9 +14,9 @@ import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
-import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
+import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportRequest;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java
index b53faa521cf..e81e7e4cd15 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.interceptor;
+package org.elasticsearch.xpack.security.action.interceptor;
 
 import org.elasticsearch.action.CompositeIndicesRequest;
 import org.elasticsearch.action.IndicesRequest;
@@ -11,9 +11,9 @@ import org.elasticsearch.common.component.AbstractComponent;
 import org.elasticsearch.common.logging.LoggerMessageFormat;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
-import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
+import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl;
 
 import java.util.Collections;
 import java.util.List;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldStatsRequestInterceptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/FieldStatsRequestInterceptor.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldStatsRequestInterceptor.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/FieldStatsRequestInterceptor.java
index 46edc92b18a..056d2cc3257 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldStatsRequestInterceptor.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/FieldStatsRequestInterceptor.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.interceptor;
+package org.elasticsearch.xpack.security.action.interceptor;
 
 import org.elasticsearch.action.fieldstats.FieldStatsRequest;
 import org.elasticsearch.common.inject.Inject;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RealtimeRequestInterceptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RealtimeRequestInterceptor.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RealtimeRequestInterceptor.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RealtimeRequestInterceptor.java
index 7dca9937319..278d7e12ae7 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RealtimeRequestInterceptor.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RealtimeRequestInterceptor.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.interceptor;
+package org.elasticsearch.xpack.security.action.interceptor;
 
 import org.elasticsearch.action.RealtimeRequest;
 import org.elasticsearch.common.inject.Inject;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RequestInterceptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RequestInterceptor.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RequestInterceptor.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RequestInterceptor.java
index 172d2bc7889..d6549d928ab 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RequestInterceptor.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/RequestInterceptor.java
@@ -3,9 +3,9 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.interceptor;
+package org.elasticsearch.xpack.security.action.interceptor;
 
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.transport.TransportRequest;
 
 /**
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/SearchRequestInterceptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/SearchRequestInterceptor.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/SearchRequestInterceptor.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/SearchRequestInterceptor.java
index 168ce041885..ba2e09708b6 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/SearchRequestInterceptor.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/SearchRequestInterceptor.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.interceptor;
+package org.elasticsearch.xpack.security.action.interceptor;
 
 import org.elasticsearch.action.search.SearchRequest;
 import org.elasticsearch.common.inject.Inject;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/UpdateRequestInterceptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/UpdateRequestInterceptor.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/UpdateRequestInterceptor.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/UpdateRequestInterceptor.java
index 1800265b666..f3f85e067bf 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/UpdateRequestInterceptor.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/interceptor/UpdateRequestInterceptor.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.interceptor;
+package org.elasticsearch.xpack.security.action.interceptor;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.update.UpdateRequest;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheAction.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheAction.java
index 07bd31943fb..b5ea8617f13 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.realm;
+package org.elasticsearch.xpack.security.action.realm;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheRequest.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheRequest.java
index 4e74eeb2bd1..ed549692b83 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.realm;
+package org.elasticsearch.xpack.security.action.realm;
 
 import org.elasticsearch.action.support.nodes.BaseNodeRequest;
 import org.elasticsearch.action.support.nodes.BaseNodesRequest;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheRequestBuilder.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheRequestBuilder.java
index aae08b9e62f..083cf785530 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheRequestBuilder.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.realm;
+package org.elasticsearch.xpack.security.action.realm;
 
 import org.elasticsearch.action.support.nodes.NodesOperationRequestBuilder;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheResponse.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheResponse.java
index 6060fae653a..53b6fe425bd 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/ClearRealmCacheResponse.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.realm;
+package org.elasticsearch.xpack.security.action.realm;
 
 import org.elasticsearch.action.FailedNodeException;
 import org.elasticsearch.action.support.nodes.BaseNodeResponse;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/TransportClearRealmCacheAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/TransportClearRealmCacheAction.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/TransportClearRealmCacheAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/TransportClearRealmCacheAction.java
index 99d8dc32889..a1d443fb293 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/TransportClearRealmCacheAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/realm/TransportClearRealmCacheAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.realm;
+package org.elasticsearch.xpack.security.action.realm;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.FailedNodeException;
@@ -13,9 +13,9 @@ import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.Realms;
-import org.elasticsearch.shield.authc.support.CachingRealm;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.Realms;
+import org.elasticsearch.xpack.security.authc.support.CachingRealm;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheAction.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheAction.java
index f7d75cfd662..99729719fd3 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheRequest.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheRequest.java
index 936f1f81123..542e836e4ff 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.support.nodes.BaseNodeRequest;
 import org.elasticsearch.action.support.nodes.BaseNodesRequest;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheRequestBuilder.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheRequestBuilder.java
index 5f964ea88d1..d3799fb3d89 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheRequestBuilder.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.support.nodes.NodesOperationRequestBuilder;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheResponse.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheResponse.java
index 9b2c1d92e5b..d3b79cea5c9 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/ClearRolesCacheResponse.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.FailedNodeException;
 import org.elasticsearch.action.support.nodes.BaseNodeResponse;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleAction.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleAction.java
index 3d302912815..f5cc7decfa3 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleAction.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
 
 /**
- * Action for deleting a role from the shield administrative index
+ * Action for deleting a role from the security index
  */
 public class DeleteRoleAction extends Action<DeleteRoleRequest, DeleteRoleResponse, DeleteRoleRequestBuilder> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleRequest.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleRequest.java
index 20b4812c724..08237d1e476 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
@@ -15,7 +15,7 @@ import java.io.IOException;
 import static org.elasticsearch.action.ValidateActions.addValidationError;
 
 /**
- * A request delete a role from the shield index
+ * A request delete a role from the security index
  */
 public class DeleteRoleRequest extends ActionRequest<DeleteRoleRequest> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleRequestBuilder.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleRequestBuilder.java
index fb509d99fba..646be72ca4f 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleRequestBuilder.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionRequestBuilder;
 import org.elasticsearch.client.ElasticsearchClient;
 
 /**
- * A builder for requests to delete a role from the shield index
+ * A builder for requests to delete a role from the security index
  */
 public class DeleteRoleRequestBuilder extends ActionRequestBuilder<DeleteRoleRequest, DeleteRoleResponse, DeleteRoleRequestBuilder> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleResponse.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleResponse.java
index 89c8d8f5d14..0072d163f2d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/DeleteRoleResponse.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionResponse;
 import org.elasticsearch.common.io.stream.StreamInput;
@@ -14,7 +14,7 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
 import java.io.IOException;
 
 /**
- * Response for a role being deleted from the shield index
+ * Response for a role being deleted from the security index
  */
 public class DeleteRoleResponse extends ActionResponse implements ToXContent {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesAction.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesAction.java
index e84236bf987..89ff1d8e8d7 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesAction.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
 
 /**
- * Action to retrieve a role from the shield index
+ * Action to retrieve a role from the security index
  */
 public class GetRolesAction extends Action<GetRolesRequest, GetRolesResponse, GetRolesRequestBuilder> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesRequest.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesRequest.java
index 4637171447d..250fa73cde6 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
@@ -16,7 +16,7 @@ import java.io.IOException;
 import static org.elasticsearch.action.ValidateActions.addValidationError;
 
 /**
- * Request to retrieve roles from the shield index
+ * Request to retrieve roles from the security index
  */
 public class GetRolesRequest extends ActionRequest<GetRolesRequest> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesRequestBuilder.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesRequestBuilder.java
index 83cfcf4a6eb..94e4734435e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesRequestBuilder.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionRequestBuilder;
 import org.elasticsearch.client.ElasticsearchClient;
 
 /**
- * Builder for requests to retrieve a role from the shield index
+ * Builder for requests to retrieve a role from the security index
  */
 public class GetRolesRequestBuilder extends ActionRequestBuilder<GetRolesRequest, GetRolesResponse, GetRolesRequestBuilder> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesResponse.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesResponse.java
index f99935a4bad..41e254f5c15 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/GetRolesResponse.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionResponse;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.shield.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
 
 import java.io.IOException;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleAction.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleAction.java
index 3e8d9fdf1af..e80353983d2 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleAction.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
 
 /**
- * Action for adding a role to the shield administrative index
+ * Action for adding a role to the security index
  */
 public class PutRoleAction extends Action<PutRoleRequest, PutRoleResponse, PutRoleRequestBuilder> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleRequest.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleRequest.java
index 05f45513aee..70a2b0f3104 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
@@ -14,7 +14,7 @@ import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.shield.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -24,7 +24,7 @@ import java.util.List;
 import static org.elasticsearch.action.ValidateActions.addValidationError;
 
 /**
- * Request object for adding a role to the shield index
+ * Request object for adding a role to the security index
  */
 public class PutRoleRequest extends ActionRequest<PutRoleRequest> implements WriteRequest<PutRoleRequest> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleRequestBuilder.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleRequestBuilder.java
index 8b63fc32de4..9360e982451 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleRequestBuilder.java
@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionRequestBuilder;
 import org.elasticsearch.action.support.WriteRequestBuilder;
 import org.elasticsearch.client.ElasticsearchClient;
 import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.bytes.BytesReference;
-import org.elasticsearch.shield.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
 
 /**
  * Builder for requests to add a role to the administrative index
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleResponse.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleResponse.java
index 54f14385157..a7c26416356 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/PutRoleResponse.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionResponse;
 import org.elasticsearch.common.io.stream.StreamInput;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportClearRolesCacheAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportClearRolesCacheAction.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportClearRolesCacheAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportClearRolesCacheAction.java
index b029b6de167..954e416aedc 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportClearRolesCacheAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportClearRolesCacheAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.FailedNodeException;
 import org.elasticsearch.action.support.ActionFilters;
@@ -12,7 +12,7 @@ import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportDeleteRoleAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleAction.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportDeleteRoleAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleAction.java
index 5150ea5aa12..48b65921541 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportDeleteRoleAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
@@ -11,8 +11,8 @@ import org.elasticsearch.action.support.HandledTransportAction;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportGetRolesAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesAction.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportGetRolesAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesAction.java
index 2e8f1b70b2f..bfaa684c04e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportGetRolesAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
@@ -12,10 +12,10 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.permission.KibanaRole;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.permission.KibanaRole;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportPutRoleAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportPutRoleAction.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportPutRoleAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportPutRoleAction.java
index 492e35f7ac9..2cb1f983135 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportPutRoleAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportPutRoleAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
@@ -11,8 +11,8 @@ import org.elasticsearch.action.support.HandledTransportAction;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateAction.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateAction.java
index c282a2eeeef..964b7d17ce9 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateRequest.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateRequest.java
index 2415ba5fbff..97779ac00ab 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateRequest.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.shield.support.Validation;
+import org.elasticsearch.xpack.security.support.Validation;
 
 import java.io.IOException;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateRequestBuilder.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateRequestBuilder.java
index 5188d51f579..78ea046e3e8 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateRequestBuilder.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionRequestBuilder;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateResponse.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateResponse.java
index 953886c1aeb..3c4d66cd3e7 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/AuthenticateResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/AuthenticateResponse.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionResponse;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
 
 import java.io.IOException;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordAction.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordAction.java
index 85452887495..4e6b758f961 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordRequest.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordRequest.java
index 5ceef12fca1..dcf3e30ec83 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
@@ -12,7 +12,7 @@ import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
 import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.shield.authc.support.CharArrays;
+import org.elasticsearch.xpack.security.authc.support.CharArrays;
 
 import java.io.IOException;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordRequestBuilder.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordRequestBuilder.java
index 7177f1b56eb..590d1563e17 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordRequestBuilder.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchParseException;
 import org.elasticsearch.action.ActionRequestBuilder;
@@ -14,10 +14,10 @@ import org.elasticsearch.common.ValidationException;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.xcontent.XContentHelper;
 import org.elasticsearch.common.xcontent.XContentParser;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.support.Validation;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.support.Validation;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.xpack.common.xcontent.XContentUtils;
 
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordResponse.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordResponse.java
index 0bf8fd202d8..a0d4465e93c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/ChangePasswordResponse.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionResponse;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserAction.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserAction.java
index 89c91c9c148..b1e6e9cd1c7 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserRequest.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserRequest.java
index c899747ce0e..54edc4c437c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserRequestBuilder.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserRequestBuilder.java
index c82dd47f6d6..b228e979eb4 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserRequestBuilder.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionRequestBuilder;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserResponse.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserResponse.java
index d76d3cd8132..ddefee59a6e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/DeleteUserResponse.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionResponse;
 import org.elasticsearch.common.io.stream.StreamInput;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersAction.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersAction.java
index fff2a3569d5..bbf6f499a33 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersAction.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
 
 /**
- * Action for retrieving a user from the shield administrative index
+ * Action for retrieving a user from the security index
  */
 public class GetUsersAction extends Action<GetUsersRequest, GetUsersResponse, GetUsersRequestBuilder> {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersRequest.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersRequest.java
index 50cfaf83375..1d2786a5d3c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersRequestBuilder.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersRequestBuilder.java
index bc3af1c3279..f5b6a080ffa 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersRequestBuilder.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionRequestBuilder;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersResponse.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersResponse.java
index c0e16271a95..7b63e3b8b8b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/GetUsersResponse.java
@@ -3,18 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionResponse;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
 
 import java.io.IOException;
 import java.util.Collection;
 
 /**
- * Response containing a User retrieved from the shield administrative index
+ * Response containing a User retrieved from the security index
  */
 public class GetUsersResponse extends ActionResponse {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserAction.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserAction.java
index 33ec4aa6668..29d2cebbfa7 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.client.ElasticsearchClient;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserRequest.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserRequest.java
index bcf4891f882..bd7bd2f11c6 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
@@ -14,7 +14,7 @@ import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.shield.authc.support.CharArrays;
+import org.elasticsearch.xpack.security.authc.support.CharArrays;
 
 import java.io.IOException;
 import java.util.Map;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequestBuilder.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserRequestBuilder.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequestBuilder.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserRequestBuilder.java
index 3a5bf7b54d4..7b753e9ba97 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequestBuilder.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserRequestBuilder.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchParseException;
 import org.elasticsearch.action.ActionRequestBuilder;
@@ -16,10 +16,10 @@ import org.elasticsearch.common.ValidationException;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.xcontent.XContentHelper;
 import org.elasticsearch.common.xcontent.XContentParser;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.support.Validation;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.support.Validation;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.xpack.common.xcontent.XContentUtils;
 
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserResponse.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserResponse.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserResponse.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserResponse.java
index d5ecda1fcc4..3badc5f7edc 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserResponse.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/PutUserResponse.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionResponse;
 import org.elasticsearch.common.io.stream.StreamInput;
@@ -14,7 +14,7 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
 import java.io.IOException;
 
 /**
- * Response when adding a user to the shield administrative index. Returns a
+ * Response when adding a user to the security index. Returns a
  * single boolean field for whether the user was created or updated.
  */
 public class PutUserResponse extends ActionResponse implements ToXContent {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportAuthenticateAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportAuthenticateAction.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportAuthenticateAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportAuthenticateAction.java
index 92a676f8a99..b05959caec3 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportAuthenticateAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportAuthenticateAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
@@ -12,9 +12,9 @@ import org.elasticsearch.action.support.HandledTransportAction;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportChangePasswordAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordAction.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportChangePasswordAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordAction.java
index c01f3923354..0cffe5bab86 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportChangePasswordAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
@@ -11,10 +11,10 @@ import org.elasticsearch.action.support.HandledTransportAction;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportDeleteUserAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportDeleteUserAction.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportDeleteUserAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportDeleteUserAction.java
index 8e37748519c..387da62f59f 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportDeleteUserAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportDeleteUserAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
@@ -11,10 +11,10 @@ import org.elasticsearch.action.support.HandledTransportAction;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportGetUsersAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersAction.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportGetUsersAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersAction.java
index 91ff6fabe76..645871ded3e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportGetUsersAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
@@ -12,11 +12,11 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportPutUserAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportPutUserAction.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportPutUserAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportPutUserAction.java
index 4af577c4a72..b4352ce454a 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/TransportPutUserAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportPutUserAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
@@ -11,10 +11,10 @@ import org.elasticsearch.action.support.HandledTransportAction;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/UserRequest.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/UserRequest.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/UserRequest.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/UserRequest.java
index f91015b3866..cec40bc48fc 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/UserRequest.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/UserRequest.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 /**
  * Interface for requests that involve user operations
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java
index 196570f4fe6..07f196cbbf9 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrail.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit;
+package org.elasticsearch.xpack.security.audit;
 
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.transport.TransportMessage;
 
 import java.net.InetAddress;
@@ -80,11 +80,11 @@ public interface AuditTrail {
         }
 
         @Override
-        public void connectionGranted(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) {
+        public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
         }
 
         @Override
-        public void connectionDenied(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) {
+        public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
         }
 
         @Override
@@ -128,9 +128,9 @@ public interface AuditTrail {
 
     void tamperedRequest(User user, String action, TransportMessage request);
 
-    void connectionGranted(InetAddress inetAddress, String profile, ShieldIpFilterRule rule);
+    void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule);
 
-    void connectionDenied(InetAddress inetAddress, String profile, ShieldIpFilterRule rule);
+    void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule);
 
     void runAsGranted(User user, String action, TransportMessage message);
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrailModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrailModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java
index 1b1a18c0e21..f50eef9757c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrailModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java
@@ -3,31 +3,30 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit;
+package org.elasticsearch.xpack.security.audit;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.inject.multibindings.Multibinder;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.util.set.Sets;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail;
-import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
-import org.elasticsearch.shield.support.AbstractShieldModule;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
+import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.function.Function;
 
-import static org.elasticsearch.shield.Security.featureEnabledSetting;
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.Security.featureEnabledSetting;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  *
  */
-public class AuditTrailModule extends AbstractShieldModule.Node {
+public class AuditTrailModule extends AbstractSecurityModule.Node {
 
     public static final Setting<Boolean> ENABLED_SETTING =
             Setting.boolSetting(featureEnabledSetting("audit"), false, Property.NodeScope);
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java
index d717811c1fd..690bc6c76f1 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditTrailService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit;
+package org.elasticsearch.xpack.security.audit;
 
 import org.elasticsearch.common.component.AbstractComponent;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.SecurityLicenseState;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.transport.TransportMessage;
 
 import java.net.InetAddress;
@@ -154,7 +154,7 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail {
     }
 
     @Override
-    public void connectionGranted(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) {
+    public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
         if (securityLicenseState.auditingEnabled()) {
             for (AuditTrail auditTrail : auditTrails) {
                 auditTrail.connectionGranted(inetAddress, profile, rule);
@@ -163,7 +163,7 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail {
     }
 
     @Override
-    public void connectionDenied(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) {
+    public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
         if (securityLicenseState.auditingEnabled()) {
             for (AuditTrail auditTrail : auditTrails) {
                 auditTrail.connectionDenied(inetAddress, profile, rule);
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditUtil.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditUtil.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditUtil.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditUtil.java
index bf6079c56cf..f19416f8001 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/AuditUtil.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditUtil.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit;
+package org.elasticsearch.xpack.security.audit;
 
 import org.elasticsearch.action.IndicesRequest;
 import org.elasticsearch.common.xcontent.XContentHelper;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditLevel.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditLevel.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditLevel.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditLevel.java
index 178dabde1a1..30a68b04777 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditLevel.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditLevel.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.index;
+package org.elasticsearch.xpack.security.audit.index;
 
 import java.util.Arrays;
 import java.util.EnumSet;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java
index e7b70374089..5d257a6837c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.index;
+package org.elasticsearch.xpack.security.audit.index;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse;
@@ -33,7 +33,6 @@ import org.elasticsearch.common.network.NetworkAddress;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.common.unit.TimeValue;
@@ -45,15 +44,15 @@ import org.elasticsearch.common.xcontent.XContentFactory;
 import org.elasticsearch.gateway.GatewayService;
 import org.elasticsearch.node.Node;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.InternalClient;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.user.XPackUser;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.authz.privilege.SystemPrivilege;
-import org.elasticsearch.shield.rest.RemoteHostHeader;
-import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
+import org.elasticsearch.xpack.security.InternalClient;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.user.XPackUser;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authz.privilege.SystemPrivilege;
+import org.elasticsearch.xpack.security.rest.RemoteHostHeader;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.transport.TransportMessage;
@@ -82,21 +81,21 @@ import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.function.Function;
 
-import static org.elasticsearch.shield.audit.AuditUtil.indices;
-import static org.elasticsearch.shield.audit.AuditUtil.restRequestContent;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.ACCESS_DENIED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.ACCESS_GRANTED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.ANONYMOUS_ACCESS_DENIED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.AUTHENTICATION_FAILED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.CONNECTION_DENIED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.CONNECTION_GRANTED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.RUN_AS_DENIED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.RUN_AS_GRANTED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.SYSTEM_ACCESS_GRANTED;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.TAMPERED_REQUEST;
-import static org.elasticsearch.shield.audit.index.IndexAuditLevel.parse;
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.resolve;
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.audit.AuditUtil.indices;
+import static org.elasticsearch.xpack.security.audit.AuditUtil.restRequestContent;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.ACCESS_DENIED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.ACCESS_GRANTED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.ANONYMOUS_ACCESS_DENIED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.AUTHENTICATION_FAILED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.CONNECTION_DENIED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.CONNECTION_GRANTED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.RUN_AS_DENIED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.RUN_AS_GRANTED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.SYSTEM_ACCESS_GRANTED;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.TAMPERED_REQUEST;
+import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.parse;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.resolve;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  * Audit trail implementation that writes events into an index.
@@ -109,15 +108,15 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
     public static final TimeValue DEFAULT_FLUSH_INTERVAL = TimeValue.timeValueSeconds(1);
     public static final IndexNameResolver.Rollover DEFAULT_ROLLOVER = IndexNameResolver.Rollover.DAILY;
     public static final String NAME = "index";
-    public static final String INDEX_NAME_PREFIX = ".shield_audit_log";
+    public static final String INDEX_NAME_PREFIX = ".security_audit_log";
     public static final String DOC_TYPE = "event";
     public static final Setting<IndexNameResolver.Rollover> ROLLOVER_SETTING =
             new Setting<>(setting("audit.index.rollover"), (s) -> DEFAULT_ROLLOVER.name(),
                     s -> IndexNameResolver.Rollover.valueOf(s.toUpperCase(Locale.ENGLISH)), Property.NodeScope);
     public static final Setting<Integer> QUEUE_SIZE_SETTING =
             Setting.intSetting(setting("audit.index.queue_max_size"), DEFAULT_MAX_QUEUE_SIZE, 1, Property.NodeScope);
-    public static final String INDEX_TEMPLATE_NAME = "shield_audit_log";
-    public static final String DEFAULT_CLIENT_NAME = "shield-audit-client";
+    public static final String INDEX_TEMPLATE_NAME = "security_audit_log";
+    public static final String DEFAULT_CLIENT_NAME = "security-audit-client";
 
     static final List<String> DEFAULT_EVENT_INCLUDES = Arrays.asList(
             ACCESS_DENIED.toString(),
@@ -213,7 +212,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
      * <ol>
      * <li>The cluster must not have a {@link GatewayService#STATE_NOT_RECOVERED_BLOCK}; in other words the gateway
      * must have recovered from disk already.</li>
-     * <li>The current node must be the master OR the <code>shield_audit_log</code> index template must exist</li>
+     * <li>The current node must be the master OR the <code>security_audit_log</code> index template must exist</li>
      * <li>The current audit index must not exist or have all primary shards active. The current audit index name
      * is determined by the rollover settings and current time</li>
      * </ol>
@@ -242,36 +241,36 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
 
     private boolean canStart(ClusterState clusterState, boolean master) {
         if (clusterState.blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
-            // wait until the gateway has recovered from disk, otherwise we think may not have .shield-audit-
+            // wait until the gateway has recovered from disk, otherwise we think may not have audit indices
             // but they may not have been restored from the cluster state on disk
             logger.debug("index audit trail waiting until gateway has recovered from disk");
             return false;
         }
 
         if (!master && clusterState.metaData().templates().get(INDEX_TEMPLATE_NAME) == null) {
-            logger.debug("shield audit index template [{}] does not exist, so service cannot start", INDEX_TEMPLATE_NAME);
+            logger.debug("security audit index template [{}] does not exist, so service cannot start", INDEX_TEMPLATE_NAME);
             return false;
         }
 
         String index = resolve(INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover);
         IndexMetaData metaData = clusterState.metaData().index(index);
         if (metaData == null) {
-            logger.debug("shield audit index [{}] does not exist, so service can start", index);
+            logger.debug("security audit index [{}] does not exist, so service can start", index);
             return true;
         }
 
         if (clusterState.routingTable().index(index).allPrimaryShardsActive()) {
-            logger.debug("shield audit index [{}] all primary shards started, so service can start", index);
+            logger.debug("security audit index [{}] all primary shards started, so service can start", index);
             return true;
         }
-        logger.debug("shield audit index [{}] does not have all primary shards started, so service cannot start", index);
+        logger.debug("security audit index [{}] does not have all primary shards started, so service cannot start", index);
         return false;
     }
 
     /**
-     * Starts the service. The state is moved to {@link org.elasticsearch.shield.audit.index.IndexAuditTrail.State#STARTING}
+     * Starts the service. The state is moved to {@link org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.State#STARTING}
      * at the beginning of the method. The service's components are initialized and if the current node is the master, the index
-     * template will be stored. The state is moved {@link org.elasticsearch.shield.audit.index.IndexAuditTrail.State#STARTED}
+     * template will be stored. The state is moved {@link org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.State#STARTED}
      * and before returning the queue of messages that came before the service started is drained.
      *
      * @param master flag indicating if the current node is master
@@ -487,7 +486,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
     }
 
     @Override
-    public void connectionGranted(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) {
+    public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
         if (events.contains(CONNECTION_GRANTED)) {
             try {
                 enqueue(message("ip_filter", "connection_granted", inetAddress, profile, rule), "connection_granted");
@@ -498,7 +497,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
     }
 
     @Override
-    public void connectionDenied(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) {
+    public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
         if (events.contains(CONNECTION_DENIED)) {
             try {
                 enqueue(message("ip_filter", "connection_denied", inetAddress, profile, rule), "connection_denied");
@@ -652,7 +651,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
     }
 
     private Message message(String layer, String type, InetAddress originAddress, String profile,
-                            ShieldIpFilterRule rule) throws IOException {
+                            SecurityIpFilterRule rule) throws IOException {
 
         Message msg = new Message().start();
         common(layer, type, msg.builder);
@@ -883,12 +882,12 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
             return;
         }
         if (clusterChangedEvent.state().metaData().templates().get(INDEX_TEMPLATE_NAME) == null) {
-            logger.debug("shield audit index template [{}] does not exist. it may have been deleted - putting the template",
+            logger.debug("security audit index template [{}] does not exist. it may have been deleted - putting the template",
                     INDEX_TEMPLATE_NAME);
             threadPool.generic().execute(new AbstractRunnable() {
                 @Override
                 public void onFailure(Throwable throwable) {
-                    logger.error("failed to update shield audit index template [{}]", throwable, INDEX_TEMPLATE_NAME);
+                    logger.error("failed to update security audit index template [{}]", throwable, INDEX_TEMPLATE_NAME);
                 }
 
                 @Override
@@ -901,7 +900,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
                             putMappingLock.unlock();
                         }
                     } else {
-                        logger.trace("unable to PUT shield audit index template as the lock is already held");
+                        logger.trace("unable to PUT security audit index template as the lock is already held");
                     }
                 }
             });
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexNameResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexNameResolver.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexNameResolver.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexNameResolver.java
index 92198c0e255..5a65bf81305 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexNameResolver.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexNameResolver.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.index;
+package org.elasticsearch.xpack.security.audit.index;
 
 import org.joda.time.DateTime;
 import org.joda.time.format.DateTimeFormat;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
index 5df0f9f2d5e..f730873c145 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.logfile;
+package org.elasticsearch.xpack.security.audit.logfile;
 
 import org.elasticsearch.common.component.AbstractLifecycleComponent;
 import org.elasticsearch.common.component.Lifecycle;
@@ -15,19 +15,18 @@ import org.elasticsearch.common.network.NetworkAddress;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.user.XPackUser;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.authz.privilege.SystemPrivilege;
-import org.elasticsearch.shield.rest.RemoteHostHeader;
-import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.user.XPackUser;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authz.privilege.SystemPrivilege;
+import org.elasticsearch.xpack.security.rest.RemoteHostHeader;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.transport.TransportMessage;
@@ -38,9 +37,9 @@ import java.net.SocketAddress;
 import java.util.List;
 
 import static org.elasticsearch.common.Strings.arrayToCommaDelimitedString;
-import static org.elasticsearch.shield.audit.AuditUtil.indices;
-import static org.elasticsearch.shield.audit.AuditUtil.restRequestContent;
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.audit.AuditUtil.indices;
+import static org.elasticsearch.xpack.security.audit.AuditUtil.restRequestContent;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  *
@@ -347,7 +346,7 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent<LoggingAuditTr
     }
 
     @Override
-    public void connectionGranted(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) {
+    public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
         if (logger.isTraceEnabled()) {
             logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix,
                     NetworkAddress.format(inetAddress), profile, rule);
@@ -355,7 +354,7 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent<LoggingAuditTr
     }
 
     @Override
-    public void connectionDenied(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) {
+    public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
         logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix,
                 NetworkAddress.format(inetAddress), profile, rule);
     }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Authentication.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Authentication.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Authentication.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Authentication.java
index 9e08a7b7dc8..b486b6ac191 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Authentication.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Authentication.java
@@ -3,15 +3,15 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.common.io.stream.BytesStreamOutput;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.crypto.CryptoService;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.user.User;
 
 import java.io.IOException;
 import java.util.Base64;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationFailureHandler.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationFailureHandler.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationFailureHandler.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationFailureHandler.java
index f4c5ae4c655..bf6128e15e0 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationFailureHandler.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationFailureHandler.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationModule.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationModule.java
index 5751aed66d0..afdf6f563c2 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationModule.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.common.inject.multibindings.MapBinder;
 import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.activedirectory.ActiveDirectoryRealm;
-import org.elasticsearch.shield.authc.esnative.NativeRealm;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.authc.ldap.LdapRealm;
-import org.elasticsearch.shield.authc.pki.PkiRealm;
-import org.elasticsearch.shield.support.AbstractShieldModule;
-import org.elasticsearch.shield.user.AnonymousUser;
+import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectoryRealm;
+import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
+import org.elasticsearch.xpack.security.authc.pki.PkiRealm;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
 
 import java.util.Arrays;
 import java.util.HashMap;
@@ -27,7 +27,7 @@ import java.util.Map.Entry;
 /**
  *
  */
-public class AuthenticationModule extends AbstractShieldModule.Node {
+public class AuthenticationModule extends AbstractSecurityModule.Node {
 
     static final List<String> INTERNAL_REALM_TYPES =
             Arrays.asList(ReservedRealm.TYPE, NativeRealm.TYPE, FileRealm.TYPE, ActiveDirectoryRealm.TYPE, LdapRealm.TYPE, PkiRealm.TYPE);
@@ -43,7 +43,7 @@ public class AuthenticationModule extends AbstractShieldModule.Node {
 
     @Override
     protected void configureNode() {
-        if (!shieldEnabled) {
+        if (!securityEnabled) {
             bind(Realms.class).toProvider(Providers.of(null));
             return;
         }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java
index d074a89243d..bab60b48076 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.transport.TransportMessage;
 
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationToken.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationToken.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationToken.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationToken.java
index 54746d0e75c..2669e1c460d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/AuthenticationToken.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationToken.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 /**
  * Interface for a token that is used for authentication. This token is the representation of the authentication
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/DefaultAuthenticationFailureHandler.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/DefaultAuthenticationFailureHandler.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/DefaultAuthenticationFailureHandler.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/DefaultAuthenticationFailureHandler.java
index e56def1924a..9af11e1af80 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/DefaultAuthenticationFailureHandler.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/DefaultAuthenticationFailureHandler.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
@@ -11,7 +11,7 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.transport.TransportMessage;
 
-import static org.elasticsearch.shield.support.Exceptions.authenticationError;
+import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
 
 /**
  * The default implementation of a {@link AuthenticationFailureHandler}. This handler will return an exception with a
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java
index a3a7fe4fe0b..5e99745bf0f 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.Nullable;
@@ -17,18 +17,18 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestController;
 import org.elasticsearch.node.Node;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.authc.Authentication.RealmRef;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.crypto.CryptoService;
+import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportMessage;
 
 import java.io.IOException;
 import java.util.List;
 
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  * An authentication service that delegates the authentication process to its configured {@link Realm realms}.
@@ -41,7 +41,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
             Setting.boolSetting(setting("authc.sign_user_header"), true, Property.NodeScope);
     public static final Setting<Boolean> RUN_AS_ENABLED =
             Setting.boolSetting(setting("authc.run_as.enabled"), true, Property.NodeScope);
-    public static final String RUN_AS_USER_HEADER = "es-shield-runas-user";
+    public static final String RUN_AS_USER_HEADER = "es-security-runas-user";
 
     private final Realms realms;
     private final AuditTrail auditTrail;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java
index b9aac447ac0..53c0cdd55fb 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java
@@ -3,18 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
 
 import java.util.HashMap;
 import java.util.Map;
 
 /**
- * An authentication mechanism to which the default authentication {@link org.elasticsearch.shield.authc.AuthenticationService service}
- * delegates the authentication process. Different realms may be defined, each may be based on different
+ * An authentication mechanism to which the default authentication {@link org.elasticsearch.xpack.security.authc.AuthenticationService
+ * service } delegates the authentication process. Different realms may be defined, each may be based on different
  * authentication mechanism supporting its own specific authentication token type.
  */
 public abstract class Realm<T extends AuthenticationToken> implements Comparable<Realm> {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/RealmConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/RealmConfig.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/RealmConfig.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/RealmConfig.java
index 611079941cc..a6e4d42dba7 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/RealmConfig.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/RealmConfig.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.Loggers;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realms.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realms.java
index b2981ec9d1f..971d0fb7c75 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realms.java
@@ -3,22 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.ElasticsearchException;
-import org.elasticsearch.common.collect.Iterators;
 import org.elasticsearch.common.component.AbstractLifecycleComponent;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.SecurityLicenseState.EnabledRealmType;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.authc.esnative.NativeRealm;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -29,7 +27,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  * Serves as a realms registry (also responsible for ordering the realms appropriately)
@@ -40,7 +38,7 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
 
     private final Environment env;
     private final Map<String, Realm.Factory> factories;
-    private final SecurityLicenseState shieldLicenseState;
+    private final SecurityLicenseState securityLicenseState;
     private final ReservedRealm reservedRealm;
 
     protected List<Realm> realms = Collections.emptyList();
@@ -50,12 +48,12 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
     protected List<Realm> nativeRealmsOnly = Collections.emptyList();
 
     @Inject
-    public Realms(Settings settings, Environment env, Map<String, Realm.Factory> factories, SecurityLicenseState shieldLicenseState,
+    public Realms(Settings settings, Environment env, Map<String, Realm.Factory> factories, SecurityLicenseState securityLicenseState,
                   ReservedRealm reservedRealm) {
         super(settings);
         this.env = env;
         this.factories = factories;
-        this.shieldLicenseState = shieldLicenseState;
+        this.securityLicenseState = securityLicenseState;
         this.reservedRealm = reservedRealm;
     }
 
@@ -102,11 +100,11 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
 
     @Override
     public Iterator<Realm> iterator() {
-        if (shieldLicenseState.authenticationAndAuthorizationEnabled() == false) {
+        if (securityLicenseState.authenticationAndAuthorizationEnabled() == false) {
             return Collections.emptyIterator();
         }
 
-        EnabledRealmType enabledRealmType = shieldLicenseState.enabledRealmType();
+        EnabledRealmType enabledRealmType = securityLicenseState.enabledRealmType();
         switch (enabledRealmType) {
             case ALL:
                 return realms.iterator();
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolver.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolver.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolver.java
index 5f71e1fcbb0..1d98ce6ea54 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolver.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolver.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.activedirectory;
+package org.elasticsearch.xpack.security.authc.activedirectory;
 
 import com.unboundid.ldap.sdk.Attribute;
 import com.unboundid.ldap.sdk.Filter;
@@ -17,16 +17,16 @@ import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession.GroupsResolver;
-import org.elasticsearch.shield.support.Exceptions;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver;
+import org.elasticsearch.xpack.security.support.Exceptions;
 
 import java.util.ArrayList;
 import java.util.List;
 
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.search;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.searchForEntry;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.search;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.searchForEntry;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealm.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealm.java
index 254ce8312a3..e32d5124f9c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealm.java
@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.activedirectory;
+package org.elasticsearch.xpack.security.authc.activedirectory;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.rest.RestController;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
-import org.elasticsearch.shield.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.AbstractLdapRealm;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
 import org.elasticsearch.watcher.ResourceWatcherService;
 
 /**
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactory.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactory.java
index 3648bd9d3cb..365724ee2f0 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactory.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.activedirectory;
+package org.elasticsearch.xpack.security.authc.activedirectory;
 
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPException;
@@ -11,19 +11,19 @@ import com.unboundid.ldap.sdk.SearchRequest;
 import com.unboundid.ldap.sdk.SearchResult;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession.GroupsResolver;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.createFilter;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.search;
-import static org.elasticsearch.shield.support.Exceptions.authenticationError;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.createFilter;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.search;
+import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
 
 /**
  * This Class creates LdapSessions authenticating via the custom Active Directory protocol.  (that being
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealm.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealm.java
index a7eadbdaef9..be8b2a65250 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealm.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.esnative;
+package org.elasticsearch.xpack.security.authc.esnative;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Setting;
@@ -11,11 +11,11 @@ import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.CachingUsernamePasswordRealm;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 
 import java.util.List;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeUsersStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeUsersStore.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java
index 052813d801f..37bc6a135ad 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeUsersStore.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.esnative;
+package org.elasticsearch.xpack.security.authc.esnative;
 
 import com.carrotsearch.hppc.ObjectHashSet;
 import com.carrotsearch.hppc.ObjectLongHashMap;
@@ -40,7 +40,6 @@ import org.elasticsearch.common.inject.Provider;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.common.util.concurrent.AbstractRunnable;
 import org.elasticsearch.gateway.GatewayService;
@@ -49,20 +48,20 @@ import org.elasticsearch.index.engine.DocumentMissingException;
 import org.elasticsearch.index.query.QueryBuilder;
 import org.elasticsearch.index.query.QueryBuilders;
 import org.elasticsearch.search.SearchHit;
-import org.elasticsearch.shield.InternalClient;
-import org.elasticsearch.shield.ShieldTemplateService;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheResponse;
-import org.elasticsearch.shield.action.user.ChangePasswordRequest;
-import org.elasticsearch.shield.action.user.DeleteUserRequest;
-import org.elasticsearch.shield.action.user.PutUserRequest;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.client.SecurityClient;
-import org.elasticsearch.shield.support.SelfReschedulingRunnable;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.user.User.Fields;
+import org.elasticsearch.xpack.security.InternalClient;
+import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheResponse;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordRequest;
+import org.elasticsearch.xpack.security.action.user.DeleteUserRequest;
+import org.elasticsearch.xpack.security.action.user.PutUserRequest;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.client.SecurityClient;
+import org.elasticsearch.xpack.security.support.SelfReschedulingRunnable;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.user.User.Fields;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.threadpool.ThreadPool.Names;
 
@@ -78,7 +77,7 @@ import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 import java.util.concurrent.atomic.AtomicReference;
 
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  * ESNativeUsersStore is a {@code UserStore} that, instead of reading from a
@@ -123,7 +122,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
     private int scrollSize;
     private TimeValue scrollKeepAlive;
 
-    private volatile boolean shieldIndexExists = false;
+    private volatile boolean securityIndexExists = false;
 
     @Inject
     public NativeUsersStore(Settings settings, Provider<InternalClient> clientProvider, ThreadPool threadPool) {
@@ -191,7 +190,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             } else {
                 query = QueryBuilders.boolQuery().filter(QueryBuilders.idsQuery(USER_DOC_TYPE).addIds(usernames));
             }
-            SearchRequest request = client.prepareSearch(ShieldTemplateService.SECURITY_INDEX_NAME)
+            SearchRequest request = client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
                     .setScroll(scrollKeepAlive)
                     .setTypes(USER_DOC_TYPE)
                     .setQuery(query)
@@ -280,7 +279,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
 
     private void getUserAndPassword(final String user, final ActionListener<UserAndPassword> listener) {
         try {
-            GetRequest request = client.prepareGet(ShieldTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, user).request();
+            GetRequest request = client.prepareGet(SecurityTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, user).request();
             client.get(request, new ActionListener<GetResponse>() {
                 @Override
                 public void onResponse(GetResponse response) {
@@ -324,7 +323,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             docType = USER_DOC_TYPE;
         }
 
-        client.prepareUpdate(ShieldTemplateService.SECURITY_INDEX_NAME, docType, username)
+        client.prepareUpdate(SecurityTemplateService.SECURITY_INDEX_NAME, docType, username)
                 .setDoc(Fields.PASSWORD.getPreferredName(), String.valueOf(request.passwordHash()))
                 .setRefreshPolicy(request.getRefreshPolicy())
                 .execute(new ActionListener<UpdateResponse>() {
@@ -359,7 +358,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
     }
 
     private void createReservedUser(String username, char[] passwordHash, RefreshPolicy refresh, ActionListener<Void> listener) {
-        client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username)
+        client.prepareIndex(SecurityTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username)
                 .setSource(Fields.PASSWORD.getPreferredName(), String.valueOf(passwordHash))
                 .setRefreshPolicy(refresh)
                 .execute(new ActionListener<IndexResponse>() {
@@ -396,7 +395,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
     private void updateUserWithoutPassword(final PutUserRequest putUserRequest, final ActionListener<Boolean> listener) {
         assert putUserRequest.passwordHash() == null;
         // We must have an existing document
-        client.prepareUpdate(ShieldTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, putUserRequest.username())
+        client.prepareUpdate(SecurityTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, putUserRequest.username())
                 .setDoc(User.Fields.USERNAME.getPreferredName(), putUserRequest.username(),
                         User.Fields.ROLES.getPreferredName(), putUserRequest.roles(),
                         User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(),
@@ -434,7 +433,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
 
     private void indexUser(final PutUserRequest putUserRequest, final ActionListener<Boolean> listener) {
         assert putUserRequest.passwordHash() != null;
-        client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME,
+        client.prepareIndex(SecurityTemplateService.SECURITY_INDEX_NAME,
                 USER_DOC_TYPE, putUserRequest.username())
                 .setSource(User.Fields.USERNAME.getPreferredName(), putUserRequest.username(),
                         User.Fields.PASSWORD.getPreferredName(), String.valueOf(putUserRequest.passwordHash()),
@@ -469,7 +468,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
         }
 
         try {
-            DeleteRequest request = client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME,
+            DeleteRequest request = client.prepareDelete(SecurityTemplateService.SECURITY_INDEX_NAME,
                     USER_DOC_TYPE, deleteUserRequest.username()).request();
             request.indicesOptions().ignoreUnavailable();
             request.setRefreshPolicy(deleteUserRequest.refresh() ? RefreshPolicy.IMMEDIATE : RefreshPolicy.WAIT_UNTIL);
@@ -503,22 +502,22 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             return false;
         }
 
-        if (clusterState.metaData().templates().get(ShieldTemplateService.SECURITY_TEMPLATE_NAME) == null) {
+        if (clusterState.metaData().templates().get(SecurityTemplateService.SECURITY_TEMPLATE_NAME) == null) {
             logger.debug("native users template [{}] does not exist, so service cannot start",
-                    ShieldTemplateService.SECURITY_TEMPLATE_NAME);
+                    SecurityTemplateService.SECURITY_TEMPLATE_NAME);
             return false;
         }
 
-        IndexMetaData metaData = clusterState.metaData().index(ShieldTemplateService.SECURITY_INDEX_NAME);
+        IndexMetaData metaData = clusterState.metaData().index(SecurityTemplateService.SECURITY_INDEX_NAME);
         if (metaData == null) {
-            logger.debug("security index [{}] does not exist, so service can start", ShieldTemplateService.SECURITY_INDEX_NAME);
+            logger.debug("security index [{}] does not exist, so service can start", SecurityTemplateService.SECURITY_INDEX_NAME);
             return true;
         }
 
-        if (clusterState.routingTable().index(ShieldTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
+        if (clusterState.routingTable().index(SecurityTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
             logger.debug("security index [{}] all primary shards started, so service can start",
-                    ShieldTemplateService.SECURITY_INDEX_NAME);
-            shieldIndexExists = true;
+                    SecurityTemplateService.SECURITY_INDEX_NAME);
+            securityIndexExists = true;
             return true;
         }
         return false;
@@ -591,8 +590,8 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
         return state() == State.STARTED;
     }
 
-    boolean shieldIndexExists() {
-        return shieldIndexExists;
+    boolean securityIndexExists() {
+        return securityIndexExists;
     }
 
     char[] reservedUserPassword(String username) throws Throwable {
@@ -600,7 +599,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
         final AtomicReference<char[]> passwordHash = new AtomicReference<>();
         final AtomicReference<Throwable> failure = new AtomicReference<>();
         final CountDownLatch latch = new CountDownLatch(1);
-        client.prepareGet(ShieldTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username)
+        client.prepareGet(SecurityTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username)
                 .execute(new LatchedActionListener<>(new ActionListener<GetResponse>() {
                     @Override
                     public void onResponse(GetResponse getResponse) {
@@ -681,15 +680,15 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
 
     @Override
     public void clusterChanged(ClusterChangedEvent event) {
-        final boolean exists = event.state().metaData().indices().get(ShieldTemplateService.SECURITY_INDEX_NAME) != null;
+        final boolean exists = event.state().metaData().indices().get(SecurityTemplateService.SECURITY_INDEX_NAME) != null;
         // make sure all the primaries are active
-        if (exists && event.state().routingTable().index(ShieldTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
+        if (exists && event.state().routingTable().index(SecurityTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
             logger.debug("security index [{}] all primary shards started, so polling can start",
-                    ShieldTemplateService.SECURITY_INDEX_NAME);
-            shieldIndexExists = true;
+                    SecurityTemplateService.SECURITY_INDEX_NAME);
+            securityIndexExists = true;
         } else {
             // always set the value - it may have changed...
-            shieldIndexExists = false;
+            securityIndexExists = false;
         }
     }
 
@@ -705,7 +704,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
         }
         this.listeners.clear();
         this.client = null;
-        this.shieldIndexExists = false;
+        this.securityIndexExists = false;
         this.state.set(State.INITIALIZED);
     }
 
@@ -742,8 +741,8 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             if (isStopped()) {
                 return;
             }
-            if (shieldIndexExists == false) {
-                logger.trace("cannot poll for user changes since security index [{}] does not exist", ShieldTemplateService
+            if (securityIndexExists == false) {
+                logger.trace("cannot poll for user changes since security index [{}] does not exist", SecurityTemplateService
                         .SECURITY_INDEX_NAME);
                 return;
             }
@@ -770,8 +769,8 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
 
             SearchResponse response = null;
             try {
-                client.admin().indices().prepareRefresh(ShieldTemplateService.SECURITY_INDEX_NAME).get();
-                response = client.prepareSearch(ShieldTemplateService.SECURITY_INDEX_NAME)
+                client.admin().indices().prepareRefresh(SecurityTemplateService.SECURITY_INDEX_NAME).get();
+                response = client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
                         .setScroll(scrollKeepAlive)
                         .setQuery(QueryBuilders.typeQuery(docType))
                         .setSize(scrollSize)
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java
index 115ef62a5f1..2c2d0a09a29 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java
@@ -3,22 +3,22 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.esnative;
+package org.elasticsearch.xpack.security.authc.esnative;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore.ChangeListener;
-import org.elasticsearch.shield.authc.support.CachingUsernamePasswordRealm;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.support.Exceptions;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.KibanaUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.user.ElasticUser;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.ChangeListener;
+import org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.support.Exceptions;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.KibanaUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.user.ElasticUser;
 
 import java.util.Arrays;
 import java.util.Collection;
@@ -122,7 +122,7 @@ public class ReservedRealm extends CachingUsernamePasswordRealm {
             return null;
         }
 
-        if (nativeUsersStore.shieldIndexExists() == false) {
+        if (nativeUsersStore.securityIndexExists() == false) {
             return DEFAULT_PASSWORD_HASH;
         }
         try {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/UserAndPassword.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/UserAndPassword.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/UserAndPassword.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/UserAndPassword.java
index 701b9764b8a..ac548dcd38d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/UserAndPassword.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/UserAndPassword.java
@@ -3,9 +3,9 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.esnative;
+package org.elasticsearch.xpack.security.authc.esnative;
 
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
 
 /**
  * Like User, but includes the hashed password
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java
index 3a17b6ec243..b30bde9b75a 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java
@@ -3,18 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.file;
+package org.elasticsearch.xpack.security.authc.file;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.rest.RestController;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.CachingUsernamePasswordRealm;
-import org.elasticsearch.shield.authc.support.RefreshListener;
-import org.elasticsearch.shield.authc.support.UsernamePasswordRealm;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm;
+import org.elasticsearch.xpack.security.authc.support.RefreshListener;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordRealm;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.watcher.ResourceWatcherService;
 
 import java.util.Map;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileUserPasswdStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileUserPasswdStore.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java
index 0086bf39fe5..ebd14bae17b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileUserPasswdStore.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.file;
+package org.elasticsearch.xpack.security.authc.file;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.inject.internal.Nullable;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.RefreshListener;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.support.NoOpLogger;
-import org.elasticsearch.shield.support.Validation;
-import org.elasticsearch.shield.support.Validation.Users;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.RefreshListener;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.support.NoOpLogger;
+import org.elasticsearch.xpack.security.support.Validation;
+import org.elasticsearch.xpack.security.support.Validation.Users;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -35,7 +35,7 @@ import java.util.concurrent.CopyOnWriteArrayList;
 
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.unmodifiableMap;
-import static org.elasticsearch.shield.support.ShieldFiles.openAtomicMoveWriter;
+import static org.elasticsearch.xpack.security.support.SecurityFiles.openAtomicMoveWriter;
 
 /**
  *
@@ -106,7 +106,7 @@ public class FileUserPasswdStore {
 
     /**
      * Internally in this class, we try to load the file, but if for some reason we can't, we're being more lenient by
-     * logging the error and skipping all users. This is aligned with how we handle other auto-loaded files in shield.
+     * logging the error and skipping all users. This is aligned with how we handle other auto-loaded files in security.
      */
     static Map<String, char[]> parseFileLenient(Path path, ESLogger logger) {
         try {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileUserRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileUserRolesStore.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java
index 566adca87d0..b5bee42e46b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/FileUserRolesStore.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.file;
+package org.elasticsearch.xpack.security.authc.file;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Strings;
@@ -11,10 +11,10 @@ import org.elasticsearch.common.inject.internal.Nullable;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.RefreshListener;
-import org.elasticsearch.shield.support.NoOpLogger;
-import org.elasticsearch.shield.support.Validation;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.RefreshListener;
+import org.elasticsearch.xpack.security.support.NoOpLogger;
+import org.elasticsearch.xpack.security.support.Validation;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -35,7 +35,7 @@ import java.util.regex.Pattern;
 
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.unmodifiableMap;
-import static org.elasticsearch.shield.support.ShieldFiles.openAtomicMoveWriter;
+import static org.elasticsearch.xpack.security.support.SecurityFiles.openAtomicMoveWriter;
 
 /**
  *
@@ -98,7 +98,7 @@ public class FileUserRolesStore {
 
     /**
      * Internally in this class, we try to load the file, but if for some reason we can't, we're being more lenient by
-     * logging the error and skipping all enries. This is aligned with how we handle other auto-loaded files in shield.
+     * logging the error and skipping all enries. This is aligned with how we handle other auto-loaded files in security.
      */
     static Map<String, String[]> parseFileLenient(Path path, ESLogger logger) {
         try {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/tool/UsersTool.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/tool/UsersTool.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/tool/UsersTool.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/tool/UsersTool.java
index f9a54452358..d86c747b3df 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/file/tool/UsersTool.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/tool/UsersTool.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.file.tool;
+package org.elasticsearch.xpack.security.authc.file.tool;
 
 import joptsimple.OptionSet;
 import joptsimple.OptionSpec;
@@ -17,16 +17,16 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.node.internal.InternalSettingsPreparer;
-import org.elasticsearch.shield.authc.Realms;
-import org.elasticsearch.shield.authc.file.FileUserPasswdStore;
-import org.elasticsearch.shield.authc.file.FileUserRolesStore;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
-import org.elasticsearch.shield.support.FileAttributesChecker;
-import org.elasticsearch.shield.support.Validation;
-import org.elasticsearch.shield.support.Validation.Users;
+import org.elasticsearch.xpack.security.authc.Realms;
+import org.elasticsearch.xpack.security.authc.file.FileUserPasswdStore;
+import org.elasticsearch.xpack.security.authc.file.FileUserRolesStore;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.support.FileAttributesChecker;
+import org.elasticsearch.xpack.security.support.Validation;
+import org.elasticsearch.xpack.security.support.Validation.Users;
 
 import java.nio.file.Files;
 import java.nio.file.Path;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java
index 02abc0843db..792e6975012 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java
@@ -3,17 +3,17 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.RestController;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
-import org.elasticsearch.shield.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.AbstractLdapRealm;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
 import org.elasticsearch.watcher.ResourceWatcherService;
 
 import java.io.IOException;
@@ -66,7 +66,7 @@ public class LdapRealm extends AbstractLdapRealm {
                 if (config.settings().getAsArray(LdapSessionFactory.USER_DN_TEMPLATES_SETTING).length > 0) {
                     throw new IllegalArgumentException("settings were found for both user search and user template modes of operation. " +
                             "Please remove the settings for the mode you do not wish to use. For more details refer to the ldap " +
-                            "authentication section of the Shield guide.");
+                            "authentication section of the X-Pack guide.");
                 }
                 return new LdapUserSearchSessionFactory(config, clientSSLService).init();
             }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapSessionFactory.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapSessionFactory.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.java
index bf05db74f62..f54c4399609 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapSessionFactory.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.java
@@ -3,24 +3,24 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPException;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession.GroupsResolver;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.support.Exceptions;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.support.Exceptions;
 
 import java.io.IOException;
 import java.text.MessageFormat;
 import java.util.Locale;
 
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.escapedRDNValue;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.escapedRDNValue;
 
 /**
  * This factory creates LDAP connections via iterating through user templates.
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactory.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactory.java
index 0acb7b10088..fd84514a547 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactory.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import com.unboundid.ldap.sdk.GetEntryLDAPConnectionPoolHealthCheck;
 import com.unboundid.ldap.sdk.LDAPConnection;
@@ -17,21 +17,21 @@ import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession.GroupsResolver;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.support.Exceptions;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.support.Exceptions;
 
 import java.io.IOException;
 import java.util.Locale;
 
 import static com.unboundid.ldap.sdk.Filter.createEqualityFilter;
 import static com.unboundid.ldap.sdk.Filter.encodeValue;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.searchForEntry;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.searchForEntry;
 
 public class LdapUserSearchSessionFactory extends SessionFactory {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolver.java
similarity index 84%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolver.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolver.java
index 776237e1bbc..12600548baf 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolver.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolver.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import com.unboundid.ldap.sdk.Attribute;
 import com.unboundid.ldap.sdk.LDAPException;
@@ -16,17 +16,17 @@ import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession.GroupsResolver;
-import org.elasticsearch.shield.support.Exceptions;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver;
+import org.elasticsearch.xpack.security.support.Exceptions;
 
 import java.util.LinkedList;
 import java.util.List;
 
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.createFilter;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.search;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.searchForEntry;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.createFilter;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.search;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.searchForEntry;
 
 /**
 *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/UserAttributeGroupsResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolver.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/UserAttributeGroupsResolver.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolver.java
index 97574faf73a..9ae30969696 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/UserAttributeGroupsResolver.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolver.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import com.unboundid.ldap.sdk.Attribute;
 import com.unboundid.ldap.sdk.LDAPException;
@@ -15,14 +15,14 @@ import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession.GroupsResolver;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver;
 
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.searchForEntry;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.OBJECT_CLASS_PRESENCE_FILTER;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.searchForEntry;
 
 /**
 *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/AbstractLdapRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/AbstractLdapRealm.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/AbstractLdapRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/AbstractLdapRealm.java
index c327a8d0d24..77e7a5baeb2 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/AbstractLdapRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/AbstractLdapRealm.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import org.elasticsearch.rest.RestController;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.CachingUsernamePasswordRealm;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
-import org.elasticsearch.shield.authc.support.RefreshListener;
-import org.elasticsearch.shield.authc.support.UsernamePasswordRealm;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.authc.support.RefreshListener;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordRealm;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 
 import java.util.List;
 import java.util.Map;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapLoadBalancing.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapLoadBalancing.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapLoadBalancing.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapLoadBalancing.java
index f0454530099..ba8b270790d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapLoadBalancing.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapLoadBalancing.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.sdk.FailoverServerSet;
 import com.unboundid.ldap.sdk.LDAPConnectionOptions;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapSearchScope.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSearchScope.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapSearchScope.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSearchScope.java
index a3407caa41e..0959f147e2c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapSearchScope.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSearchScope.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.sdk.SearchScope;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapSession.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSession.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapSession.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSession.java
index cb0fc940b39..0e52ca56897 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapSession.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSession.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPInterface;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapUtils.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapUtils.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapUtils.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapUtils.java
index e0eaf3a813f..a66964e4e76 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/LdapUtils.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapUtils.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.sdk.DN;
 import com.unboundid.ldap.sdk.Filter;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java
index af82cb43545..e707247cbc1 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.sdk.LDAPConnectionOptions;
 import com.unboundid.ldap.sdk.LDAPException;
@@ -14,9 +14,9 @@ import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
 
 import javax.net.SocketFactory;
 import java.util.regex.Pattern;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java
index 4e3a362f175..fff17be10e0 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.pki;
+package org.elasticsearch.xpack.security.authc.pki;
 
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.inject.Inject;
@@ -11,15 +11,15 @@ import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
-import org.elasticsearch.shield.transport.SSLClientAuth;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.transport.SSLClientAuth;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 import org.elasticsearch.watcher.ResourceWatcherService;
 
 import javax.net.ssl.TrustManager;
@@ -40,7 +40,7 @@ import java.util.regex.Pattern;
 
 public class PkiRealm extends Realm<X509AuthenticationToken> {
 
-    public static final String PKI_CERT_HEADER_NAME = "__SHIELD_CLIENT_CERTIFICATE";
+    public static final String PKI_CERT_HEADER_NAME = "__SECURITY_CLIENT_CERTIFICATE";
     public static final String TYPE = "pki";
     public static final String DEFAULT_USERNAME_PATTERN = "CN=(.*?)(?:,|$)";
 
@@ -195,16 +195,16 @@ public class PkiRealm extends Realm<X509AuthenticationToken> {
     static void checkSSLEnabled(RealmConfig config, ESLogger logger) {
         Settings settings = config.globalSettings();
 
-        final boolean httpSsl = ShieldNettyHttpServerTransport.SSL_SETTING.get(settings);
-        final boolean httpClientAuth = ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled();
+        final boolean httpSsl = SecurityNettyHttpServerTransport.SSL_SETTING.get(settings);
+        final boolean httpClientAuth = SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled();
         // HTTP
         if (httpSsl && httpClientAuth) {
             return;
         }
 
         // Default Transport
-        final boolean ssl = ShieldNettyTransport.SSL_SETTING.get(settings);
-        final SSLClientAuth clientAuth = ShieldNettyTransport.CLIENT_AUTH_SETTING.get(settings);
+        final boolean ssl = SecurityNettyTransport.SSL_SETTING.get(settings);
+        final SSLClientAuth clientAuth = SecurityNettyTransport.CLIENT_AUTH_SETTING.get(settings);
         if (ssl && clientAuth.enabled()) {
             return;
         }
@@ -213,8 +213,8 @@ public class PkiRealm extends Realm<X509AuthenticationToken> {
         Map<String, Settings> groupedSettings = settings.getGroups("transport.profiles.");
         for (Map.Entry<String, Settings> entry : groupedSettings.entrySet()) {
             Settings profileSettings = entry.getValue().getByPrefix(Security.settingPrefix());
-            if (ShieldNettyTransport.profileSsl(profileSettings, settings)
-                    && ShieldNettyTransport.CLIENT_AUTH_SETTING.get(profileSettings, settings).enabled()) {
+            if (SecurityNettyTransport.profileSsl(profileSettings, settings)
+                    && SecurityNettyTransport.CLIENT_AUTH_SETTING.get(profileSettings, settings).enabled()) {
                 return;
             }
         }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/X509AuthenticationToken.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/X509AuthenticationToken.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/X509AuthenticationToken.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/X509AuthenticationToken.java
index 1d5afa69bc0..4eacafd9647 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/X509AuthenticationToken.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/X509AuthenticationToken.java
@@ -3,9 +3,9 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.pki;
+package org.elasticsearch.xpack.security.authc.pki;
 
-import org.elasticsearch.shield.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
 
 import java.security.cert.X509Certificate;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/BCrypt.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/BCrypt.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/BCrypt.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/BCrypt.java
index af89eed181f..b4c323bc590 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/BCrypt.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/BCrypt.java
@@ -1,4 +1,4 @@
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 // Copyright (c) 2006 Damien Miller <djm@mindrot.org>
 //
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CachingRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingRealm.java
similarity index 78%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CachingRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingRealm.java
index d80717098db..61ac9e266f8 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CachingRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingRealm.java
@@ -3,10 +3,10 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 /**
- * This interface allows a {@link org.elasticsearch.shield.authc.Realm} to indicate that it supports caching user credentials
+ * This interface allows a {@link org.elasticsearch.xpack.security.authc.Realm} to indicate that it supports caching user credentials
  * and expose the ability to clear the cache for a given String identifier or all of the cache
  */
 public interface CachingRealm {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java
index c95616e9f94..5cd1e69288d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.cache.Cache;
 import org.elasticsearch.common.cache.CacheBuilder;
 import org.elasticsearch.common.cache.CacheLoader;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.support.Exceptions;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.support.Exceptions;
+import org.elasticsearch.xpack.security.user.User;
 
 import java.util.Map;
 import java.util.concurrent.ExecutionException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CharArrays.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CharArrays.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CharArrays.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CharArrays.java
index 8f3a8c53792..65c2acec9ed 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/CharArrays.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CharArrays.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/DnRoleMapper.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/DnRoleMapper.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java
index 36790e2b35a..bfa74b9f190 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/DnRoleMapper.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import com.unboundid.ldap.sdk.DN;
 import com.unboundid.ldap.sdk.LDAPException;
@@ -12,7 +12,7 @@ import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -32,8 +32,8 @@ import java.util.concurrent.CopyOnWriteArrayList;
 
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.unmodifiableMap;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.dn;
-import static org.elasticsearch.shield.authc.ldap.support.LdapUtils.relativeName;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.dn;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.relativeName;
 
 /**
  * This class loads and monitors the file defining the mappings of DNs to internal ES Roles.
@@ -90,7 +90,7 @@ public class DnRoleMapper {
     /**
      * Internally in this class, we try to load the file, but if for some reason we can't, we're being more lenient by
      * logging the error and skipping/removing all mappings. This is aligned with how we handle other auto-loaded files
-     * in shield.
+     * in security.
      */
     public static Map<DN, Set<String>> parseFileLenient(Path path, ESLogger logger, String realmType, String realmName) {
         try {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/Hasher.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/Hasher.java
index 73acdaaf8ac..c6e910ab65a 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/Hasher.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.common.Randomness;
 import org.elasticsearch.common.hash.MessageDigests;
@@ -22,7 +22,7 @@ public enum Hasher {
     BCRYPT() {
         @Override
         public char[] hash(SecuredString text) {
-            String salt = org.elasticsearch.shield.authc.support.BCrypt.gensalt();
+            String salt = org.elasticsearch.xpack.security.authc.support.BCrypt.gensalt();
             return BCrypt.hashpw(text, salt).toCharArray();
         }
 
@@ -39,7 +39,7 @@ public enum Hasher {
     BCRYPT4() {
         @Override
         public char[] hash(SecuredString text) {
-            String salt = org.elasticsearch.shield.authc.support.BCrypt.gensalt(4);
+            String salt = org.elasticsearch.xpack.security.authc.support.BCrypt.gensalt(4);
             return BCrypt.hashpw(text, salt).toCharArray();
         }
 
@@ -56,7 +56,7 @@ public enum Hasher {
     BCRYPT5() {
         @Override
         public char[] hash(SecuredString text) {
-            String salt = org.elasticsearch.shield.authc.support.BCrypt.gensalt(5);
+            String salt = org.elasticsearch.xpack.security.authc.support.BCrypt.gensalt(5);
             return BCrypt.hashpw(text, salt).toCharArray();
         }
 
@@ -73,7 +73,7 @@ public enum Hasher {
     BCRYPT6() {
         @Override
         public char[] hash(SecuredString text) {
-            String salt = org.elasticsearch.shield.authc.support.BCrypt.gensalt(6);
+            String salt = org.elasticsearch.xpack.security.authc.support.BCrypt.gensalt(6);
             return BCrypt.hashpw(text, salt).toCharArray();
         }
 
@@ -90,7 +90,7 @@ public enum Hasher {
     BCRYPT7() {
         @Override
         public char[] hash(SecuredString text) {
-            String salt = org.elasticsearch.shield.authc.support.BCrypt.gensalt(7);
+            String salt = org.elasticsearch.xpack.security.authc.support.BCrypt.gensalt(7);
             return BCrypt.hashpw(text, salt).toCharArray();
         }
 
@@ -107,7 +107,7 @@ public enum Hasher {
     BCRYPT8() {
         @Override
         public char[] hash(SecuredString text) {
-            String salt = org.elasticsearch.shield.authc.support.BCrypt.gensalt(8);
+            String salt = org.elasticsearch.xpack.security.authc.support.BCrypt.gensalt(8);
             return BCrypt.hashpw(text, salt).toCharArray();
         }
 
@@ -124,7 +124,7 @@ public enum Hasher {
     BCRYPT9() {
         @Override
         public char[] hash(SecuredString text) {
-            String salt = org.elasticsearch.shield.authc.support.BCrypt.gensalt(9);
+            String salt = org.elasticsearch.xpack.security.authc.support.BCrypt.gensalt(9);
             return BCrypt.hashpw(text, salt).toCharArray();
         }
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/RefreshListener.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RefreshListener.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/RefreshListener.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RefreshListener.java
index fd43c68b84c..e50916d0d59 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/RefreshListener.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RefreshListener.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/SecuredString.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/SecuredString.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/SecuredString.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/SecuredString.java
index a581325f70e..56175f52b7c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/SecuredString.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/SecuredString.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.ElasticsearchException;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealm.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java
index 57886b923d6..4a471a44cac 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealm.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestController;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
 
 import java.util.Locale;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordToken.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordToken.java
index 4dd4f0f08d7..cad951baf64 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordToken.java
@@ -3,17 +3,17 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
 
 import java.nio.CharBuffer;
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.Objects;
 
-import static org.elasticsearch.shield.support.Exceptions.authenticationError;
+import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationModule.java
similarity index 65%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationModule.java
index f38516fa0c5..c1ed7bda2f3 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationModule.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authz.store.CompositeRolesStore;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
-import org.elasticsearch.shield.authz.store.RolesStore;
-import org.elasticsearch.shield.support.AbstractShieldModule;
+import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.authz.store.RolesStore;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 
 /**
  * Module used to bind various classes necessary for authorization
  */
-public class AuthorizationModule extends AbstractShieldModule.Node {
+public class AuthorizationModule extends AbstractSecurityModule.Node {
 
     public AuthorizationModule(Settings settings) {
         super(settings);
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
index 0804b9b658e..d80f693f2d5 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.ElasticsearchSecurityException;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.transport.TransportRequest;
 
 import java.util.List;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationUtils.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationUtils.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationUtils.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationUtils.java
index cbd67e982eb..955e64f2258 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/AuthorizationUtils.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationUtils.java
@@ -3,15 +3,15 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.InternalAuthenticationService;
-import org.elasticsearch.shield.support.AutomatonPredicate;
-import org.elasticsearch.shield.support.Automatons;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.InternalAuthenticationService;
+import org.elasticsearch.xpack.security.support.AutomatonPredicate;
+import org.elasticsearch.xpack.security.support.Automatons;
 
 import java.util.function.Predicate;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java
index a01029475e1..6a21e03b042 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.CompositeIndicesRequest;
@@ -26,25 +26,25 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.search.action.SearchTransportService;
-import org.elasticsearch.shield.ShieldTemplateService;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.user.XPackUser;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.authc.AuthenticationFailureHandler;
-import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
-import org.elasticsearch.shield.authz.indicesresolver.DefaultIndicesAndAliasesResolver;
-import org.elasticsearch.shield.authz.indicesresolver.IndicesAndAliasesResolver;
-import org.elasticsearch.shield.authz.permission.ClusterPermission;
-import org.elasticsearch.shield.authz.permission.DefaultRole;
-import org.elasticsearch.shield.authz.permission.GlobalPermission;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.authz.permission.RunAsPermission;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
-import org.elasticsearch.shield.authz.store.RolesStore;
+import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.user.XPackUser;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.authc.AuthenticationFailureHandler;
+import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl;
+import org.elasticsearch.xpack.security.authz.indicesresolver.DefaultIndicesAndAliasesResolver;
+import org.elasticsearch.xpack.security.authz.indicesresolver.IndicesAndAliasesResolver;
+import org.elasticsearch.xpack.security.authz.permission.ClusterPermission;
+import org.elasticsearch.xpack.security.authz.permission.DefaultRole;
+import org.elasticsearch.xpack.security.authz.permission.GlobalPermission;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.permission.RunAsPermission;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
+import org.elasticsearch.xpack.security.authz.store.RolesStore;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportRequest;
 
@@ -55,8 +55,8 @@ import java.util.Map;
 import java.util.Set;
 import java.util.function.Predicate;
 
-import static org.elasticsearch.shield.Security.setting;
-import static org.elasticsearch.shield.support.Exceptions.authorizationError;
+import static org.elasticsearch.xpack.security.Security.setting;
+import static org.elasticsearch.xpack.security.support.Exceptions.authorizationError;
 
 /**
  *
@@ -131,9 +131,9 @@ public class InternalAuthorizationService extends AbstractComponent implements A
 
         if (XPackUser.is(user) == false) {
             // we should filter out the .security index from wildcards
-            if (indicesAndAliases.remove(ShieldTemplateService.SECURITY_INDEX_NAME)) {
+            if (indicesAndAliases.remove(SecurityTemplateService.SECURITY_INDEX_NAME)) {
                 logger.debug("removed [{}] from user [{}] list of authorized indices",
-                        ShieldTemplateService.SECURITY_INDEX_NAME, user.principal());
+                        SecurityTemplateService.SECURITY_INDEX_NAME, user.principal());
             }
         }
         return Collections.unmodifiableList(indicesAndAliases);
@@ -234,15 +234,15 @@ public class InternalAuthorizationService extends AbstractComponent implements A
         IndicesAccessControl indicesAccessControl = permission.authorize(action, indexNames, metaData);
         if (!indicesAccessControl.isGranted()) {
             throw denial(authentication, action, request);
-        } else if (indicesAccessControl.getIndexPermissions(ShieldTemplateService.SECURITY_INDEX_NAME) != null
-                && indicesAccessControl.getIndexPermissions(ShieldTemplateService.SECURITY_INDEX_NAME).isGranted()
+        } else if (indicesAccessControl.getIndexPermissions(SecurityTemplateService.SECURITY_INDEX_NAME) != null
+                && indicesAccessControl.getIndexPermissions(SecurityTemplateService.SECURITY_INDEX_NAME).isGranted()
                 && XPackUser.is(authentication.getRunAsUser()) == false
                 && MONITOR_INDEX_PREDICATE.test(action) == false) {
             // only the XPackUser is allowed to work with this index, but we should allow indices monitoring actions through for debugging
             // purposes. These monitor requests also sometimes resolve indices concretely and then requests them
             // FIXME its not just the XPackUser. We said the elastic user and superusers could access this!
             logger.debug("user [{}] attempted to directly perform [{}] against the security index [{}]",
-                    authentication.getRunAsUser().principal(), action, ShieldTemplateService.SECURITY_INDEX_NAME);
+                    authentication.getRunAsUser().principal(), action, SecurityTemplateService.SECURITY_INDEX_NAME);
             throw denial(authentication, action, request);
         } else {
             setIndicesAccessControl(indicesAccessControl);
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/RoleDescriptor.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/RoleDescriptor.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/RoleDescriptor.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/RoleDescriptor.java
index bb07adac08a..9ab3dd6f329 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/RoleDescriptor.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/RoleDescriptor.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.ElasticsearchParseException;
 import org.elasticsearch.common.Nullable;
@@ -22,7 +22,7 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.common.xcontent.XContentHelper;
 import org.elasticsearch.common.xcontent.XContentParser;
 import org.elasticsearch.common.xcontent.json.JsonXContent;
-import org.elasticsearch.shield.support.Validation;
+import org.elasticsearch.xpack.security.support.Validation;
 import org.elasticsearch.xpack.common.xcontent.XContentUtils;
 
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/DocumentSubsetReader.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/DocumentSubsetReader.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/DocumentSubsetReader.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/DocumentSubsetReader.java
index 5a56a303dd6..abacf63a69b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/DocumentSubsetReader.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/DocumentSubsetReader.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.index.DirectoryReader;
 import org.apache.lucene.index.FilterDirectoryReader;
@@ -115,7 +115,7 @@ public final class DocumentSubsetReader extends FilterLeafReader {
     public int numDocs() {
         // The reason the implement this method is that numDocs should be equal to the number of set bits in liveDocs. (would be weird
         // otherwise)
-        // for the Shield DSL use case this get invoked in the QueryPhase class (in core ES) if match_all query is used as main query
+        // for the security DSL use case this get invoked in the QueryPhase class (in core ES) if match_all query is used as main query
         // and this is also invoked in tests.
         if (numDocs == -1) {
             final Bits liveDocs = in.getLiveDocs();
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/FieldSubsetReader.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldSubsetReader.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/FieldSubsetReader.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldSubsetReader.java
index 36e39462aca..145f1365201 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/FieldSubsetReader.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldSubsetReader.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.index.BinaryDocValues;
 import org.apache.lucene.index.DirectoryReader;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControl.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesAccessControl.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControl.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesAccessControl.java
index 25f9b1faba4..0d2f500acd5 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControl.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesAccessControl.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.bytes.BytesReference;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/OptOutQueryCache.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/OptOutQueryCache.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/OptOutQueryCache.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/OptOutQueryCache.java
index ce8e6cfa7c7..c95d44096c8 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/OptOutQueryCache.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/OptOutQueryCache.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.search.QueryCachingPolicy;
 import org.apache.lucene.search.Weight;
@@ -14,7 +14,7 @@ import org.elasticsearch.index.IndexSettings;
 import org.elasticsearch.index.cache.query.QueryCache;
 import org.elasticsearch.indices.IndicesQueryCache;
 import org.elasticsearch.search.internal.ShardSearchRequest;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
 
 /**
  * Opts out of the query cache if field level security is active for the current request.
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/RequestContext.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/RequestContext.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/RequestContext.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/RequestContext.java
index cb7accb36b7..e9e7deed4a4 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/RequestContext.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/RequestContext.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.transport.TransportRequest;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java
index fe55e5993c0..6245e44c688 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.index.DirectoryReader;
 import org.apache.lucene.index.LeafReaderContext;
@@ -43,10 +43,10 @@ import org.elasticsearch.index.query.QueryShardContext;
 import org.elasticsearch.index.shard.IndexSearcherWrapper;
 import org.elasticsearch.index.shard.ShardId;
 import org.elasticsearch.index.shard.ShardUtils;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
-import org.elasticsearch.shield.authz.accesscontrol.DocumentSubsetReader.DocumentSubsetDirectoryReader;
-import org.elasticsearch.shield.SecurityLicenseState;
-import org.elasticsearch.shield.support.Exceptions;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
+import org.elasticsearch.xpack.security.authz.accesscontrol.DocumentSubsetReader.DocumentSubsetDirectoryReader;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.support.Exceptions;
 
 import java.io.IOException;
 import java.util.Arrays;
@@ -69,25 +69,25 @@ import static org.apache.lucene.search.BooleanClause.Occur.SHOULD;
  * Document level security is enabled by wrapping the original {@link DirectoryReader} in a {@link DocumentSubsetReader}
  * instance.
  */
-public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
+public class SecurityIndexSearcherWrapper extends IndexSearcherWrapper {
 
     private final MapperService mapperService;
     private final Set<String> allowedMetaFields;
     private final QueryShardContext queryShardContext;
     private final BitsetFilterCache bitsetFilterCache;
-    private final SecurityLicenseState shieldLicenseState;
+    private final SecurityLicenseState securityLicenseState;
     private final ThreadContext threadContext;
     private final ESLogger logger;
 
-    public ShieldIndexSearcherWrapper(IndexSettings indexSettings, QueryShardContext queryShardContext,
-                                      MapperService mapperService, BitsetFilterCache bitsetFilterCache,
-                                      ThreadContext threadContext, SecurityLicenseState shieldLicenseState) {
+    public SecurityIndexSearcherWrapper(IndexSettings indexSettings, QueryShardContext queryShardContext,
+                                        MapperService mapperService, BitsetFilterCache bitsetFilterCache,
+                                        ThreadContext threadContext, SecurityLicenseState securityLicenseState) {
         this.logger = Loggers.getLogger(getClass(), indexSettings.getSettings());
         this.mapperService = mapperService;
         this.queryShardContext = queryShardContext;
         this.bitsetFilterCache = bitsetFilterCache;
         this.threadContext = threadContext;
-        this.shieldLicenseState = shieldLicenseState;
+        this.securityLicenseState = securityLicenseState;
 
         Set<String> allowedMetaFields = new HashSet<>();
         allowedMetaFields.addAll(Arrays.asList(MapperService.getAllMetaFields()));
@@ -101,7 +101,7 @@ public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
 
     @Override
     protected DirectoryReader wrap(DirectoryReader reader) {
-        if (shieldLicenseState.documentAndFieldLevelSecurityEnabled() == false) {
+        if (securityLicenseState.documentAndFieldLevelSecurityEnabled() == false) {
             return reader;
         }
 
@@ -156,7 +156,7 @@ public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
 
     @Override
     protected IndexSearcher wrap(IndexSearcher searcher) throws EngineException {
-        if (shieldLicenseState.documentAndFieldLevelSecurityEnabled() == false) {
+        if (securityLicenseState.documentAndFieldLevelSecurityEnabled() == false) {
             return searcher;
         }
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java
index 9f575cafd9f..5ee3d53cf94 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesAndAliasesResolver.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.indicesresolver;
+package org.elasticsearch.xpack.security.authz.indicesresolver;
 
 import org.elasticsearch.action.AliasesRequest;
 import org.elasticsearch.action.CompositeIndicesRequest;
@@ -19,8 +19,8 @@ import org.elasticsearch.cluster.metadata.MetaData;
 import org.elasticsearch.common.regex.Regex;
 import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.index.IndexNotFoundException;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authz.AuthorizationService;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authz.AuthorizationService;
 import org.elasticsearch.transport.TransportRequest;
 
 import java.util.ArrayList;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/IndicesAndAliasesResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/IndicesAndAliasesResolver.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/IndicesAndAliasesResolver.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/IndicesAndAliasesResolver.java
index 53e71f0598d..f58282fbfbb 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/indicesresolver/IndicesAndAliasesResolver.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/indicesresolver/IndicesAndAliasesResolver.java
@@ -3,10 +3,10 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.indicesresolver;
+package org.elasticsearch.xpack.security.authz.indicesresolver;
 
 import org.elasticsearch.cluster.metadata.MetaData;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.transport.TransportRequest;
 
 import java.util.Set;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/ClusterPermission.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/ClusterPermission.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/ClusterPermission.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/ClusterPermission.java
index e9f8b715642..9cfb0d75387 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/ClusterPermission.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/ClusterPermission.java
@@ -3,10 +3,10 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
 import org.elasticsearch.transport.TransportRequest;
 
 import java.util.List;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/DefaultRole.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/DefaultRole.java
similarity index 80%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/DefaultRole.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/DefaultRole.java
index b8e495b1cf2..db391287847 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/DefaultRole.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/DefaultRole.java
@@ -3,22 +3,22 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authc.esnative.NativeRealm;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.action.user.AuthenticateAction;
-import org.elasticsearch.shield.action.user.ChangePasswordAction;
-import org.elasticsearch.shield.action.user.UserRequest;
-import org.elasticsearch.shield.authz.permission.RunAsPermission.Core;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.Privilege.Name;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordAction;
+import org.elasticsearch.xpack.security.action.user.UserRequest;
+import org.elasticsearch.xpack.security.authz.permission.RunAsPermission.Core;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.Privilege.Name;
 import org.elasticsearch.transport.TransportRequest;
 
 /**
- * A default role that will be applied to all users other than the internal {@link org.elasticsearch.shield.user.SystemUser}. This role
- * grants access to actions that every user should be able to execute such as the ability to change their password and execute the
+ * A default role that will be applied to all users other than the internal {@link org.elasticsearch.xpack.security.user.SystemUser}. This
+ * role grants access to actions that every user should be able to execute such as the ability to change their password and execute the
  * authenticate endpoint to get information about themselves
  */
 public class DefaultRole extends Role {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/GlobalPermission.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/GlobalPermission.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/GlobalPermission.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/GlobalPermission.java
index 3861d4d4b31..450d9ffc46e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/GlobalPermission.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/GlobalPermission.java
@@ -3,10 +3,10 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.cluster.metadata.MetaData;
-import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
+import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl;
 
 import java.util.ArrayList;
 import java.util.Collections;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/IndicesPermission.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/IndicesPermission.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/IndicesPermission.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/IndicesPermission.java
index 81d76b02592..d6ff71c4462 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/IndicesPermission.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/IndicesPermission.java
@@ -3,17 +3,17 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.cluster.metadata.AliasOrIndex;
 import org.elasticsearch.cluster.metadata.IndexMetaData;
 import org.elasticsearch.cluster.metadata.MetaData;
 import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.bytes.BytesReference;
-import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
-import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
-import org.elasticsearch.shield.support.AutomatonPredicate;
-import org.elasticsearch.shield.support.Automatons;
+import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl;
+import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
+import org.elasticsearch.xpack.security.support.AutomatonPredicate;
+import org.elasticsearch.xpack.security.support.Automatons;
 
 import java.util.ArrayList;
 import java.util.Arrays;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/KibanaRole.java
similarity index 82%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/KibanaRole.java
index c2511efbc3a..74db969b0ab 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/KibanaRole.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.marvel.action.MonitoringBulkAction;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.Privilege.Name;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.Privilege.Name;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaUserRole.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/KibanaUserRole.java
similarity index 82%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaUserRole.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/KibanaUserRole.java
index 00bbb39f295..92aea957958 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaUserRole.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/KibanaUserRole.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.Privilege.Name;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.Privilege.Name;
 
 public class KibanaUserRole extends Role {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/Permission.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/Permission.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/Permission.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/Permission.java
index 7eed0068f59..37c267da950 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/Permission.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/Permission.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 /**
  * Represents a permission in the system.
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/Role.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/Role.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/Role.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/Role.java
index e9b711e3b08..b97c9472686 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/Role.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/Role.java
@@ -3,15 +3,15 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.common.bytes.BytesReference;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.GeneralPrivilege;
-import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
-import org.elasticsearch.shield.authz.privilege.Privilege;
-import org.elasticsearch.shield.authz.privilege.Privilege.Name;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.Privilege;
+import org.elasticsearch.xpack.security.authz.privilege.Privilege.Name;
 
 import java.util.ArrayList;
 import java.util.Arrays;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/RunAsPermission.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/RunAsPermission.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/RunAsPermission.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/RunAsPermission.java
index 7b14614c017..b517e46d666 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/RunAsPermission.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/RunAsPermission.java
@@ -3,9 +3,9 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
-import org.elasticsearch.shield.authz.privilege.GeneralPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege;
 
 import java.util.List;
 import java.util.function.Predicate;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/SuperuserRole.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/SuperuserRole.java
similarity index 76%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/SuperuserRole.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/SuperuserRole.java
index 2aa54100f0f..2f8fab2b850 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/SuperuserRole.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/SuperuserRole.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.GeneralPrivilege;
-import org.elasticsearch.shield.authz.privilege.Privilege.Name;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.Privilege.Name;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/TransportClientRole.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/TransportClientRole.java
similarity index 78%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/TransportClientRole.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/TransportClientRole.java
index f748a3bd0c7..9b276267b79 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/TransportClientRole.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/TransportClientRole.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.Privilege.Name;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.Privilege.Name;
 
 /**
  * Reserved role for the transport client
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/AbstractAutomatonPrivilege.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/AbstractAutomatonPrivilege.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/AbstractAutomatonPrivilege.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/AbstractAutomatonPrivilege.java
index 3674184b459..0eab8bc14f0 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/AbstractAutomatonPrivilege.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/AbstractAutomatonPrivilege.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.privilege;
+package org.elasticsearch.xpack.security.authz.privilege;
 
 import dk.brics.automaton.Automaton;
 import dk.brics.automaton.BasicOperations;
-import org.elasticsearch.shield.support.AutomatonPredicate;
-import org.elasticsearch.shield.support.Automatons;
+import org.elasticsearch.xpack.security.support.AutomatonPredicate;
+import org.elasticsearch.xpack.security.support.Automatons;
 
 import java.util.function.Predicate;
 
-import static org.elasticsearch.shield.support.Automatons.patterns;
+import static org.elasticsearch.xpack.security.support.Automatons.patterns;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/ClusterPrivilege.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/ClusterPrivilege.java
index 1df9151bb43..bcddec80786 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/ClusterPrivilege.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.privilege;
+package org.elasticsearch.xpack.security.authz.privilege;
 
 import dk.brics.automaton.Automaton;
 import org.elasticsearch.common.Strings;
-import org.elasticsearch.shield.support.Automatons;
+import org.elasticsearch.xpack.security.support.Automatons;
 
 import java.util.Locale;
 import java.util.Set;
@@ -15,8 +15,8 @@ import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArraySet;
 import java.util.function.Predicate;
 
-import static org.elasticsearch.shield.support.Automatons.minusAndDeterminize;
-import static org.elasticsearch.shield.support.Automatons.patterns;
+import static org.elasticsearch.xpack.security.support.Automatons.minusAndDeterminize;
+import static org.elasticsearch.xpack.security.support.Automatons.patterns;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/GeneralPrivilege.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/GeneralPrivilege.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/GeneralPrivilege.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/GeneralPrivilege.java
index 5968bfcdaea..4454292097d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/GeneralPrivilege.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/GeneralPrivilege.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.privilege;
+package org.elasticsearch.xpack.security.authz.privilege;
 
 import dk.brics.automaton.Automaton;
 import dk.brics.automaton.BasicAutomata;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/HealthAndStatsPrivilege.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/HealthAndStatsPrivilege.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/HealthAndStatsPrivilege.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/HealthAndStatsPrivilege.java
index 0c975a4a1e5..ec5e26461a4 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/HealthAndStatsPrivilege.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/HealthAndStatsPrivilege.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.privilege;
+package org.elasticsearch.xpack.security.authz.privilege;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/IndexPrivilege.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/IndexPrivilege.java
index 164f4c25de7..c40e635efa9 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/IndexPrivilege.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.privilege;
+package org.elasticsearch.xpack.security.authz.privilege;
 
 import dk.brics.automaton.Automaton;
 import org.elasticsearch.action.admin.cluster.shards.ClusterSearchShardsAction;
@@ -20,7 +20,7 @@ import org.elasticsearch.action.admin.indices.mapping.put.PutMappingAction;
 import org.elasticsearch.action.admin.indices.settings.get.GetSettingsAction;
 import org.elasticsearch.action.admin.indices.validate.query.ValidateQueryAction;
 import org.elasticsearch.common.Strings;
-import org.elasticsearch.shield.support.Automatons;
+import org.elasticsearch.xpack.security.support.Automatons;
 
 import java.util.Locale;
 import java.util.Set;
@@ -28,8 +28,8 @@ import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArraySet;
 import java.util.function.Predicate;
 
-import static org.elasticsearch.shield.support.Automatons.patterns;
-import static org.elasticsearch.shield.support.Automatons.unionAndDeterminize;
+import static org.elasticsearch.xpack.security.support.Automatons.patterns;
+import static org.elasticsearch.xpack.security.support.Automatons.unionAndDeterminize;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/Privilege.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/Privilege.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/Privilege.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/Privilege.java
index f87c9426985..c0fb92ceb4b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/Privilege.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/Privilege.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.privilege;
+package org.elasticsearch.xpack.security.authz.privilege;
 
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.util.set.Sets;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/SystemPrivilege.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/SystemPrivilege.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/SystemPrivilege.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/SystemPrivilege.java
index 84f3c9e0777..0d9f3b9fc43 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/SystemPrivilege.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/SystemPrivilege.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.privilege;
+package org.elasticsearch.xpack.security.authz.privilege;
 
-import org.elasticsearch.shield.support.AutomatonPredicate;
+import org.elasticsearch.xpack.security.support.AutomatonPredicate;
 
 import java.util.function.Predicate;
 
-import static org.elasticsearch.shield.support.Automatons.patterns;
+import static org.elasticsearch.xpack.security.support.Automatons.patterns;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/CompositeRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/CompositeRolesStore.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java
index b17bd4d39f7..b6ca53edd6c 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/CompositeRolesStore.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java
@@ -3,10 +3,10 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.store;
+package org.elasticsearch.xpack.security.authz.store;
 
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.shield.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.permission.Role;
 
 /**
  * A composite roles store that combines built in roles, file-based roles, and index-based roles. Checks the built in roles first, then the
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java
index 19edfa313cb..cec1f8ad830 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.store;
+package org.elasticsearch.xpack.security.authz.store;
 
 import com.fasterxml.jackson.dataformat.yaml.snakeyaml.error.YAMLException;
 import org.elasticsearch.ElasticsearchException;
@@ -18,12 +18,12 @@ import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.xcontent.XContentParser;
 import org.elasticsearch.common.xcontent.yaml.YamlXContent;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.RefreshListener;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.support.NoOpLogger;
-import org.elasticsearch.shield.support.Validation;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.RefreshListener;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.support.NoOpLogger;
+import org.elasticsearch.xpack.security.support.Validation;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -43,7 +43,7 @@ import java.util.regex.Pattern;
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.emptySet;
 import static java.util.Collections.unmodifiableMap;
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/NativeRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/NativeRolesStore.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java
index e977dc77b45..63786df2aeb 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/NativeRolesStore.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.store;
+package org.elasticsearch.xpack.security.authz.store;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.ActionListener;
@@ -40,16 +40,16 @@ import org.elasticsearch.index.get.GetResult;
 import org.elasticsearch.index.query.QueryBuilder;
 import org.elasticsearch.index.query.QueryBuilders;
 import org.elasticsearch.search.SearchHit;
-import org.elasticsearch.shield.InternalClient;
-import org.elasticsearch.shield.ShieldTemplateService;
-import org.elasticsearch.shield.action.role.ClearRolesCacheRequest;
-import org.elasticsearch.shield.action.role.ClearRolesCacheResponse;
-import org.elasticsearch.shield.action.role.DeleteRoleRequest;
-import org.elasticsearch.shield.action.role.PutRoleRequest;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.client.SecurityClient;
-import org.elasticsearch.shield.support.SelfReschedulingRunnable;
+import org.elasticsearch.xpack.security.InternalClient;
+import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheRequest;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheResponse;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleRequest;
+import org.elasticsearch.xpack.security.action.role.PutRoleRequest;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.client.SecurityClient;
+import org.elasticsearch.xpack.security.support.SelfReschedulingRunnable;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.threadpool.ThreadPool.Names;
 
@@ -67,7 +67,7 @@ import java.util.function.BiFunction;
 import java.util.function.Function;
 
 import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  * ESNativeRolesStore is a {@code RolesStore} that, instead of reading from a
@@ -110,7 +110,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
     private TimeValue scrollKeepAlive;
     private SelfReschedulingRunnable rolesPoller;
 
-    private volatile boolean shieldIndexExists = false;
+    private volatile boolean securityIndexExists = false;
 
     @Inject
     public NativeRolesStore(Settings settings, Provider<InternalClient> clientProvider, ThreadPool threadPool) {
@@ -126,15 +126,15 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
 
         if (clusterState.blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
             // wait until the gateway has recovered from disk, otherwise we
-            // think may not have the .shield index but they it may not have
+            // think may not have the security index but it may not have
             // been restored from the cluster state on disk yet
             logger.debug("native roles store waiting until gateway has recovered from disk");
             return false;
         }
 
-        if (clusterState.metaData().templates().get(ShieldTemplateService.SECURITY_TEMPLATE_NAME) == null) {
+        if (clusterState.metaData().templates().get(SecurityTemplateService.SECURITY_TEMPLATE_NAME) == null) {
             logger.debug("native roles template [{}] does not exist, so service cannot start",
-                    ShieldTemplateService.SECURITY_TEMPLATE_NAME);
+                    SecurityTemplateService.SECURITY_TEMPLATE_NAME);
             return false;
         }
         // Okay to start...
@@ -154,7 +154,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
                     poller.doRun();
                 } catch (Exception e) {
                     logger.warn("failed to perform initial poll of roles index [{}]. scheduling again in [{}]", e,
-                            ShieldTemplateService.SECURITY_INDEX_NAME, pollInterval);
+                            SecurityTemplateService.SECURITY_INDEX_NAME, pollInterval);
                 }
                 rolesPoller = new SelfReschedulingRunnable(poller, threadPool, pollInterval, Names.GENERIC, logger);
                 rolesPoller.start();
@@ -193,7 +193,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
             } else {
                 query = QueryBuilders.boolQuery().filter(QueryBuilders.idsQuery(ROLE_DOC_TYPE).addIds(names));
             }
-            SearchRequest request = client.prepareSearch(ShieldTemplateService.SECURITY_INDEX_NAME)
+            SearchRequest request = client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
                     .setTypes(ROLE_DOC_TYPE)
                     .setScroll(scrollKeepAlive)
                     .setQuery(query)
@@ -267,7 +267,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
             listener.onResponse(false);
         }
         try {
-            DeleteRequest request = client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME,
+            DeleteRequest request = client.prepareDelete(SecurityTemplateService.SECURITY_INDEX_NAME,
                     ROLE_DOC_TYPE, deleteRoleRequest.name()).request();
             request.setRefreshPolicy(deleteRoleRequest.refresh() ? RefreshPolicy.IMMEDIATE : RefreshPolicy.WAIT_UNTIL);
             client.delete(request, new ActionListener<DeleteResponse>() {
@@ -297,7 +297,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
             listener.onResponse(false);
         }
         try {
-            client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role.getName())
+            client.prepareIndex(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role.getName())
                     .setSource(role.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS))
                     .setRefreshPolicy(request.getRefreshPolicy())
                     .execute(new ActionListener<IndexResponse>() {
@@ -382,12 +382,12 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
 
     private void executeGetRoleRequest(String role, ActionListener<GetResponse> listener) {
         try {
-            GetRequest request = client.prepareGet(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role).request();
+            GetRequest request = client.prepareGet(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role).request();
             client.get(request, listener);
         } catch (IndexNotFoundException e) {
             logger.trace("unable to retrieve role [{}] since security index does not exist", e, role);
             listener.onResponse(new GetResponse(
-                    new GetResult(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role, -1, false, null, null)));
+                    new GetResult(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role, -1, false, null, null)));
         } catch (Exception e) {
             logger.error("unable to retrieve role", e);
             listener.onFailure(e);
@@ -418,7 +418,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
         }
         this.roleCache.clear();
         this.client = null;
-        this.shieldIndexExists = false;
+        this.securityIndexExists = false;
         this.state.set(State.INITIALIZED);
     }
 
@@ -453,15 +453,15 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
     // TODO abstract this code rather than duplicating...
     @Override
     public void clusterChanged(ClusterChangedEvent event) {
-        final boolean exists = event.state().metaData().indices().get(ShieldTemplateService.SECURITY_INDEX_NAME) != null;
+        final boolean exists = event.state().metaData().indices().get(SecurityTemplateService.SECURITY_INDEX_NAME) != null;
         // make sure all the primaries are active
-        if (exists && event.state().routingTable().index(ShieldTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
+        if (exists && event.state().routingTable().index(SecurityTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
             logger.debug("security index [{}] all primary shards started, so polling can start",
-                    ShieldTemplateService.SECURITY_INDEX_NAME);
-            shieldIndexExists = true;
+                    SecurityTemplateService.SECURITY_INDEX_NAME);
+            securityIndexExists = true;
         } else {
             // always set the value - it may have changed...
-            shieldIndexExists = false;
+            securityIndexExists = false;
         }
     }
 
@@ -494,9 +494,9 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
             if (isStopped()) {
                 return;
             }
-            if (shieldIndexExists == false) {
+            if (securityIndexExists == false) {
                 logger.trace("cannot poll for role changes since security index [{}] does not exist",
-                        ShieldTemplateService.SECURITY_INDEX_NAME);
+                        SecurityTemplateService.SECURITY_INDEX_NAME);
                 return;
             }
 
@@ -509,8 +509,8 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
             // create a copy of the keys in the cache since we will be modifying this list
             final Set<String> existingRoles = new HashSet<>(roleCache.keySet());
             try {
-                client.admin().indices().prepareRefresh(ShieldTemplateService.SECURITY_INDEX_NAME);
-                SearchRequest request = client.prepareSearch(ShieldTemplateService.SECURITY_INDEX_NAME)
+                client.admin().indices().prepareRefresh(SecurityTemplateService.SECURITY_INDEX_NAME);
+                SearchRequest request = client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
                         .setScroll(scrollKeepAlive)
                         .setQuery(QueryBuilders.typeQuery(ROLE_DOC_TYPE))
                         .setSize(scrollSize)
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/ReservedRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java
similarity index 84%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/ReservedRolesStore.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java
index 65eec749cb0..485c35d03af 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/ReservedRolesStore.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java
@@ -3,19 +3,19 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.store;
+package org.elasticsearch.xpack.security.authz.store;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.util.set.Sets;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.permission.KibanaRole;
-import org.elasticsearch.shield.authz.permission.KibanaUserRole;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.authz.permission.SuperuserRole;
-import org.elasticsearch.shield.authz.permission.TransportClientRole;
-import org.elasticsearch.shield.user.KibanaUser;
-import org.elasticsearch.shield.user.SystemUser;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.permission.KibanaRole;
+import org.elasticsearch.xpack.security.authz.permission.KibanaUserRole;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
+import org.elasticsearch.xpack.security.authz.permission.TransportClientRole;
+import org.elasticsearch.xpack.security.user.KibanaUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
 
 import java.util.Arrays;
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/RolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/RolesStore.java
similarity index 76%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/RolesStore.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/RolesStore.java
index 42a48a23145..ece0e559683 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/RolesStore.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/RolesStore.java
@@ -3,9 +3,9 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.store;
+package org.elasticsearch.xpack.security.authz.store;
 
-import org.elasticsearch.shield.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.permission.Role;
 
 /**
  * An interface for looking up a role given a string role name
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/client/SecurityClient.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/client/SecurityClient.java
similarity index 70%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/client/SecurityClient.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/client/SecurityClient.java
index 8fc7ec3b971..9463e89f417 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/client/SecurityClient.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/client/SecurityClient.java
@@ -3,53 +3,53 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.client;
+package org.elasticsearch.xpack.security.client;
 
 import org.elasticsearch.action.ActionFuture;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.client.ElasticsearchClient;
 import org.elasticsearch.common.bytes.BytesReference;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheRequestBuilder;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheResponse;
-import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
-import org.elasticsearch.shield.action.role.ClearRolesCacheRequest;
-import org.elasticsearch.shield.action.role.ClearRolesCacheRequestBuilder;
-import org.elasticsearch.shield.action.role.ClearRolesCacheResponse;
-import org.elasticsearch.shield.action.role.DeleteRoleAction;
-import org.elasticsearch.shield.action.role.DeleteRoleRequest;
-import org.elasticsearch.shield.action.role.DeleteRoleRequestBuilder;
-import org.elasticsearch.shield.action.role.DeleteRoleResponse;
-import org.elasticsearch.shield.action.role.GetRolesAction;
-import org.elasticsearch.shield.action.role.GetRolesRequest;
-import org.elasticsearch.shield.action.role.GetRolesRequestBuilder;
-import org.elasticsearch.shield.action.role.GetRolesResponse;
-import org.elasticsearch.shield.action.role.PutRoleAction;
-import org.elasticsearch.shield.action.role.PutRoleRequest;
-import org.elasticsearch.shield.action.role.PutRoleRequestBuilder;
-import org.elasticsearch.shield.action.role.PutRoleResponse;
-import org.elasticsearch.shield.action.user.ChangePasswordAction;
-import org.elasticsearch.shield.action.user.ChangePasswordRequest;
-import org.elasticsearch.shield.action.user.ChangePasswordRequestBuilder;
-import org.elasticsearch.shield.action.user.ChangePasswordResponse;
-import org.elasticsearch.shield.action.user.DeleteUserAction;
-import org.elasticsearch.shield.action.user.DeleteUserRequest;
-import org.elasticsearch.shield.action.user.DeleteUserRequestBuilder;
-import org.elasticsearch.shield.action.user.DeleteUserResponse;
-import org.elasticsearch.shield.action.user.GetUsersAction;
-import org.elasticsearch.shield.action.user.GetUsersRequest;
-import org.elasticsearch.shield.action.user.GetUsersRequestBuilder;
-import org.elasticsearch.shield.action.user.GetUsersResponse;
-import org.elasticsearch.shield.action.user.PutUserAction;
-import org.elasticsearch.shield.action.user.PutUserRequest;
-import org.elasticsearch.shield.action.user.PutUserRequestBuilder;
-import org.elasticsearch.shield.action.user.PutUserResponse;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheAction;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequestBuilder;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheResponse;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheAction;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheRequest;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheRequestBuilder;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheResponse;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleAction;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleRequest;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleRequestBuilder;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleResponse;
+import org.elasticsearch.xpack.security.action.role.GetRolesAction;
+import org.elasticsearch.xpack.security.action.role.GetRolesRequest;
+import org.elasticsearch.xpack.security.action.role.GetRolesRequestBuilder;
+import org.elasticsearch.xpack.security.action.role.GetRolesResponse;
+import org.elasticsearch.xpack.security.action.role.PutRoleAction;
+import org.elasticsearch.xpack.security.action.role.PutRoleRequest;
+import org.elasticsearch.xpack.security.action.role.PutRoleRequestBuilder;
+import org.elasticsearch.xpack.security.action.role.PutRoleResponse;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordAction;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordRequest;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordRequestBuilder;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordResponse;
+import org.elasticsearch.xpack.security.action.user.DeleteUserAction;
+import org.elasticsearch.xpack.security.action.user.DeleteUserRequest;
+import org.elasticsearch.xpack.security.action.user.DeleteUserRequestBuilder;
+import org.elasticsearch.xpack.security.action.user.DeleteUserResponse;
+import org.elasticsearch.xpack.security.action.user.GetUsersAction;
+import org.elasticsearch.xpack.security.action.user.GetUsersRequest;
+import org.elasticsearch.xpack.security.action.user.GetUsersRequestBuilder;
+import org.elasticsearch.xpack.security.action.user.GetUsersResponse;
+import org.elasticsearch.xpack.security.action.user.PutUserAction;
+import org.elasticsearch.xpack.security.action.user.PutUserRequest;
+import org.elasticsearch.xpack.security.action.user.PutUserRequestBuilder;
+import org.elasticsearch.xpack.security.action.user.PutUserResponse;
 
 import java.io.IOException;
 
 /**
- * A wrapper to elasticsearch clients that exposes all Shield related APIs
+ * A wrapper to elasticsearch clients that exposes all Security related APIs
  */
 public class SecurityClient {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/CryptoModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/CryptoModule.java
similarity index 76%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/CryptoModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/CryptoModule.java
index b90d1b16c2e..64909c25272 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/CryptoModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/CryptoModule.java
@@ -3,15 +3,15 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.crypto;
+package org.elasticsearch.xpack.security.crypto;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.support.AbstractShieldModule;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 
 /**
  *
  */
-public class CryptoModule extends AbstractShieldModule.Node {
+public class CryptoModule extends AbstractSecurityModule.Node {
 
     public CryptoModule(Settings settings) {
         super(settings);
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/CryptoService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/CryptoService.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/CryptoService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/CryptoService.java
index 40b8859f12a..cbc4796eb9d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/CryptoService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/CryptoService.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.crypto;
+package org.elasticsearch.xpack.security.crypto;
 
 import javax.crypto.SecretKey;
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/InternalCryptoService.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/InternalCryptoService.java
index ef96be6b210..80ca629d847 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/InternalCryptoService.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.crypto;
+package org.elasticsearch.xpack.security.crypto;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Nullable;
@@ -14,7 +14,7 @@ import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.support.CharArrays;
+import org.elasticsearch.xpack.security.authc.support.CharArrays;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -45,8 +45,8 @@ import java.util.Objects;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.regex.Pattern;
 
-import static org.elasticsearch.shield.authc.support.SecuredString.constantTimeEquals;
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.authc.support.SecuredString.constantTimeEquals;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  *
@@ -66,7 +66,7 @@ public class InternalCryptoService extends AbstractLifecycleComponent<InternalCr
     static final int RANDOM_KEY_SIZE = 128;
 
     private static final Pattern SIG_PATTERN = Pattern.compile("^\\$\\$[0-9]+\\$\\$[^\\$]*\\$\\$.+");
-    private static final byte[] HKDF_APP_INFO = "es-shield-crypto-service".getBytes(StandardCharsets.UTF_8);
+    private static final byte[] HKDF_APP_INFO = "es-security-crypto-service".getBytes(StandardCharsets.UTF_8);
 
     public static final Setting<String> FILE_SETTING = Setting.simpleString(setting("system_key.file"), Property.NodeScope);
     public static final Setting<String> ENCRYPTION_ALGO_SETTING =
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/tool/SystemKeyTool.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/tool/SystemKeyTool.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/tool/SystemKeyTool.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/tool/SystemKeyTool.java
index 15eb07390ab..847f5c5800f 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/tool/SystemKeyTool.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/tool/SystemKeyTool.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.crypto.tool;
+package org.elasticsearch.xpack.security.crypto.tool;
 
 import joptsimple.OptionSet;
 import joptsimple.OptionSpec;
@@ -19,7 +19,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.node.internal.InternalSettingsPreparer;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
 
 import java.nio.file.Files;
 import java.nio.file.Path;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/RemoteHostHeader.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/RemoteHostHeader.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/RemoteHostHeader.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/RemoteHostHeader.java
index 26f3190e0ed..868846360dc 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/RemoteHostHeader.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/RemoteHostHeader.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest;
+package org.elasticsearch.xpack.security.rest;
 
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestRequest;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/ShieldRestFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java
similarity index 81%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/ShieldRestFilter.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java
index 21c3c7d418f..a99731eb922 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/ShieldRestFilter.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest;
+package org.elasticsearch.xpack.security.rest;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.logging.ESLogger;
@@ -16,10 +16,10 @@ import org.elasticsearch.rest.RestController;
 import org.elasticsearch.rest.RestFilter;
 import org.elasticsearch.rest.RestFilterChain;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.authc.pki.PkiRealm;
-import org.elasticsearch.shield.SecurityLicenseState;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authc.pki.PkiRealm;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.jboss.netty.handler.ssl.SslHandler;
 
@@ -30,7 +30,7 @@ import java.security.cert.X509Certificate;
 /**
  *
  */
-public class ShieldRestFilter extends RestFilter {
+public class SecurityRestFilter extends RestFilter {
 
     private final AuthenticationService service;
     private final ESLogger logger;
@@ -39,14 +39,14 @@ public class ShieldRestFilter extends RestFilter {
     private final boolean extractClientCertificate;
 
     @Inject
-    public ShieldRestFilter(AuthenticationService service, RestController controller, Settings settings,
-                            ThreadPool threadPool, SecurityLicenseState licenseState) {
+    public SecurityRestFilter(AuthenticationService service, RestController controller, Settings settings,
+                              ThreadPool threadPool, SecurityLicenseState licenseState) {
         this.service = service;
         this.licenseState = licenseState;
         this.threadContext = threadPool.getThreadContext();
         controller.registerFilter(this);
-        boolean ssl = ShieldNettyHttpServerTransport.SSL_SETTING.get(settings);
-        extractClientCertificate = ssl && ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled();
+        boolean ssl = SecurityNettyHttpServerTransport.SSL_SETTING.get(settings);
+        extractClientCertificate = ssl && SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled();
         logger = Loggers.getLogger(getClass(), settings);
     }
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/ShieldRestModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestModule.java
similarity index 57%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/ShieldRestModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestModule.java
index f04692d426a..d11c9a87b7b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/ShieldRestModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestModule.java
@@ -3,22 +3,22 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest;
+package org.elasticsearch.xpack.security.rest;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.support.AbstractShieldModule;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 
 /**
  *
  */
-public class ShieldRestModule extends AbstractShieldModule.Node {
+public class SecurityRestModule extends AbstractSecurityModule.Node {
 
-    public ShieldRestModule(Settings settings) {
+    public SecurityRestModule(Settings settings) {
         super(settings);
     }
 
     @Override
     protected void configureNode() {
-        bind(ShieldRestFilter.class).asEagerSingleton();
+        bind(SecurityRestFilter.class).asEagerSingleton();
     }
 }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/RestAuthenticateAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/RestAuthenticateAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java
index 6f03f4778d4..818b64a6949 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/RestAuthenticateAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action;
+package org.elasticsearch.xpack.security.rest.action;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -18,11 +18,11 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestResponse;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.rest.action.support.RestBuilderListener;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.action.user.AuthenticateAction;
-import org.elasticsearch.shield.action.user.AuthenticateRequest;
-import org.elasticsearch.shield.action.user.AuthenticateResponse;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
+import org.elasticsearch.xpack.security.action.user.AuthenticateRequest;
+import org.elasticsearch.xpack.security.action.user.AuthenticateResponse;
 
 import static org.elasticsearch.rest.RestRequest.Method.GET;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/realm/RestClearRealmCacheAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/realm/RestClearRealmCacheAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java
index a33ded253fb..16b421f4161 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/realm/RestClearRealmCacheAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.realm;
+package org.elasticsearch.xpack.security.rest.action.realm;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -13,8 +13,8 @@ import org.elasticsearch.rest.RestChannel;
 import org.elasticsearch.rest.RestController;
 import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.action.support.RestActions.NodesResponseRestListener;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 
 import static org.elasticsearch.rest.RestRequest.Method.POST;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestClearRolesCacheAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestClearRolesCacheAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java
index 1c142f6f90a..f24b87a2b9e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestClearRolesCacheAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.role;
+package org.elasticsearch.xpack.security.rest.action.role;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -13,8 +13,8 @@ import org.elasticsearch.rest.RestChannel;
 import org.elasticsearch.rest.RestController;
 import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.action.support.RestActions.NodesResponseRestListener;
-import org.elasticsearch.shield.action.role.ClearRolesCacheRequest;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheRequest;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 
 import static org.elasticsearch.rest.RestRequest.Method.POST;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestDeleteRoleAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestDeleteRoleAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java
index fca173893ca..e608c5d83bd 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestDeleteRoleAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.role;
+package org.elasticsearch.xpack.security.rest.action.role;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -17,12 +17,12 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestResponse;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.rest.action.support.RestBuilderListener;
-import org.elasticsearch.shield.action.role.DeleteRoleRequestBuilder;
-import org.elasticsearch.shield.action.role.DeleteRoleResponse;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleRequestBuilder;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleResponse;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 
 /**
- * Rest endpoint to delete a Role from the shield index
+ * Rest endpoint to delete a Role from the security index
  */
 public class RestDeleteRoleAction extends BaseRestHandler {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java
index eafd4a4fda0..1bc5dc43cf2 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.role;
+package org.elasticsearch.xpack.security.rest.action.role;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.Strings;
@@ -18,12 +18,12 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestResponse;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.rest.action.support.RestBuilderListener;
-import org.elasticsearch.shield.action.role.GetRolesResponse;
-import org.elasticsearch.shield.client.SecurityClient;
-import org.elasticsearch.shield.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.action.role.GetRolesResponse;
+import org.elasticsearch.xpack.security.client.SecurityClient;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
 
 /**
- * Rest endpoint to retrieve a Role from the shield index
+ * Rest endpoint to retrieve a Role from the security index
  */
 public class RestGetRolesAction extends BaseRestHandler {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestPutRoleAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestPutRoleAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java
index d1a1a6c227d..da8f590bd72 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestPutRoleAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.role;
+package org.elasticsearch.xpack.security.rest.action.role;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -17,12 +17,12 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestResponse;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.rest.action.support.RestBuilderListener;
-import org.elasticsearch.shield.action.role.PutRoleRequestBuilder;
-import org.elasticsearch.shield.action.role.PutRoleResponse;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.action.role.PutRoleRequestBuilder;
+import org.elasticsearch.xpack.security.action.role.PutRoleResponse;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 
 /**
- * Rest endpoint to add a Role to the shield index
+ * Rest endpoint to add a Role to the security index
  */
 public class RestPutRoleAction extends BaseRestHandler {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestChangePasswordAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestChangePasswordAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java
index ce31c587e24..e575acc3c22 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestChangePasswordAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.user;
+package org.elasticsearch.xpack.security.rest.action.user;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -17,10 +17,10 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestResponse;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.rest.action.support.RestBuilderListener;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.action.user.ChangePasswordResponse;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordResponse;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 
 /**
  */
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestDeleteUserAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestDeleteUserAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java
index 853c5d0a974..acbd86b1d52 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestDeleteUserAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.user;
+package org.elasticsearch.xpack.security.rest.action.user;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -17,13 +17,13 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestResponse;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.rest.action.support.RestBuilderListener;
-import org.elasticsearch.shield.action.user.DeleteUserRequest;
-import org.elasticsearch.shield.action.user.DeleteUserRequestBuilder;
-import org.elasticsearch.shield.action.user.DeleteUserResponse;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.action.user.DeleteUserRequest;
+import org.elasticsearch.xpack.security.action.user.DeleteUserRequestBuilder;
+import org.elasticsearch.xpack.security.action.user.DeleteUserResponse;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 
 /**
- * Rest action to delete a user from the shield index
+ * Rest action to delete a user from the security index
  */
 public class RestDeleteUserAction extends BaseRestHandler {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java
index 1cfddb7bb88..40c631a5e1e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.user;
+package org.elasticsearch.xpack.security.rest.action.user;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.Strings;
@@ -19,12 +19,12 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestResponse;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.rest.action.support.RestBuilderListener;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.action.user.GetUsersResponse;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.action.user.GetUsersResponse;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 
 /**
- * Rest action to retrieve a user from the shield index
+ * Rest action to retrieve a user from the security index
  */
 public class RestGetUsersAction extends BaseRestHandler {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestPutUserAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestPutUserAction.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java
index 261495f4ac1..eff43ac2243 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestPutUserAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action.user;
+package org.elasticsearch.xpack.security.rest.action.user;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -17,12 +17,12 @@ import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.rest.RestResponse;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.rest.action.support.RestBuilderListener;
-import org.elasticsearch.shield.action.user.PutUserRequestBuilder;
-import org.elasticsearch.shield.action.user.PutUserResponse;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.action.user.PutUserRequestBuilder;
+import org.elasticsearch.xpack.security.action.user.PutUserResponse;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 
 /**
- * Rest endpoint to add a User to the shield index
+ * Rest endpoint to add a User to the security index
  */
 public class RestPutUserAction extends BaseRestHandler {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/AbstractSSLService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/AbstractSSLService.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/AbstractSSLService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/AbstractSSLService.java
index 87007ad1f1e..63e69307107 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/AbstractSSLService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/AbstractSSLService.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Strings;
@@ -11,9 +11,9 @@ import org.elasticsearch.common.component.AbstractComponent;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Custom;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.ssl.TrustConfig.Reloadable.Listener;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Custom;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.TrustConfig.Reloadable.Listener;
 import org.elasticsearch.watcher.ResourceWatcherService;
 
 import javax.net.ssl.KeyManager;
@@ -68,7 +68,7 @@ public abstract class AbstractSSLService extends AbstractComponent {
 
     protected SSLSocketFactory sslSocketFactory(SSLContext sslContext) {
         SSLSocketFactory socketFactory = sslContext.getSocketFactory();
-        return new ShieldSSLSocketFactory(socketFactory, supportedProtocols(),
+        return new SecuritySSLSocketFactory(socketFactory, supportedProtocols(),
                 supportedCiphers(socketFactory.getSupportedCipherSuites(), ciphers(), false));
     }
 
@@ -236,13 +236,13 @@ public abstract class AbstractSSLService extends AbstractComponent {
     /**
      * This socket factory set the protocols and ciphers on each SSLSocket after it is created
      */
-    static class ShieldSSLSocketFactory extends SSLSocketFactory {
+    static class SecuritySSLSocketFactory extends SSLSocketFactory {
 
         private final SSLSocketFactory delegate;
         private final String[] supportedProtocols;
         private final String[] ciphers;
 
-        ShieldSSLSocketFactory(SSLSocketFactory delegate, String[] supportedProtocols, String[] ciphers) {
+        SecuritySSLSocketFactory(SSLSocketFactory delegate, String[] supportedProtocols, String[] ciphers) {
             this.delegate = delegate;
             this.supportedProtocols = supportedProtocols;
             this.ciphers = ciphers;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/CertUtils.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/CertUtils.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java
index dcad971d418..87ab1c528d3 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/CertUtils.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x500.X500Name;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ClientSSLService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ClientSSLService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java
index a1e78d0f85d..634ad12e074 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ClientSSLService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
 import org.elasticsearch.watcher.ResourceWatcherService;
 
 public class ClientSSLService extends AbstractSSLService {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/KeyConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/KeyConfig.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java
index 2809cb900eb..d62b8aa772b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/KeyConfig.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Nullable;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.TrustConfig.Reloadable.Listener;
+import org.elasticsearch.xpack.security.ssl.TrustConfig.Reloadable.Listener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
 import org.elasticsearch.watcher.ResourceWatcherService.Frequency;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/PEMKeyConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/PEMKeyConfig.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java
index 67ff588d869..7603574e024 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/PEMKeyConfig.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Nullable;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/PEMTrustConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/PEMTrustConfig.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java
index c0677d4c8a5..b9b1473a70e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/PEMTrustConfig.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Nullable;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLConfiguration.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLConfiguration.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java
index cabac13e0f7..dea26e304ae 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLConfiguration.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Setting;
@@ -21,10 +21,10 @@ import java.util.Objects;
 import java.util.Optional;
 import java.util.function.Function;
 
-import static org.elasticsearch.shield.Security.setting;
-import static org.elasticsearch.shield.support.OptionalSettings.createInt;
-import static org.elasticsearch.shield.support.OptionalSettings.createString;
-import static org.elasticsearch.shield.support.OptionalSettings.createTimeValue;
+import static org.elasticsearch.xpack.security.Security.setting;
+import static org.elasticsearch.xpack.security.support.OptionalSettings.createInt;
+import static org.elasticsearch.xpack.security.support.OptionalSettings.createString;
+import static org.elasticsearch.xpack.security.support.OptionalSettings.createTimeValue;
 
 /**
  * Class that contains all configuration related to SSL use within x-pack
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLModule.java
similarity index 77%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLModule.java
index 6416a027ed7..57cb5c4cf39 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLModule.java
@@ -3,17 +3,17 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.support.AbstractShieldModule;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 
 /**
  *
  */
-public class SSLModule extends AbstractShieldModule {
+public class SSLModule extends AbstractSecurityModule {
 
     public SSLModule(Settings settings) {
         super(settings);
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java
index 7f5828a2db0..84196117a2d 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
 import org.elasticsearch.watcher.ResourceWatcherService;
 
 public class ServerSSLService extends AbstractSSLService {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/StoreKeyConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/StoreKeyConfig.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java
index 91fbdc24ef6..1e762dc6fed 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/StoreKeyConfig.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Nullable;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/StoreTrustConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/StoreTrustConfig.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java
index 8b96ed7fb45..e9ac5bffc2b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/StoreTrustConfig.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Nullable;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/TrustConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/TrustConfig.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java
index 6d2af4b7cda..ec580993a32 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/TrustConfig.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Nullable;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.TrustConfig.Reloadable.Listener;
+import org.elasticsearch.xpack.security.ssl.TrustConfig.Reloadable.Listener;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/AbstractShieldModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/AbstractSecurityModule.java
similarity index 75%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/AbstractShieldModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/AbstractSecurityModule.java
index dcad2314452..feef8fe746b 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/AbstractShieldModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/AbstractSecurityModule.java
@@ -3,27 +3,27 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.inject.AbstractModule;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 
 /**
  *
  */
-public abstract class AbstractShieldModule extends AbstractModule {
+public abstract class AbstractSecurityModule extends AbstractModule {
 
     protected final Settings settings;
     protected final boolean clientMode;
-    protected final boolean shieldEnabled;
+    protected final boolean securityEnabled;
 
-    public AbstractShieldModule(Settings settings) {
+    public AbstractSecurityModule(Settings settings) {
         this.settings = settings;
         this.clientMode = TransportClient.CLIENT_TYPE.equals(settings.get(Client.CLIENT_TYPE_SETTING_S.getKey()));
-        this.shieldEnabled = Security.enabled(settings);
+        this.securityEnabled = Security.enabled(settings);
     }
 
     @Override
@@ -33,7 +33,7 @@ public abstract class AbstractShieldModule extends AbstractModule {
 
     protected abstract void configure(boolean clientMode);
 
-    public static abstract class Node extends AbstractShieldModule {
+    public static abstract class Node extends AbstractSecurityModule {
 
         protected Node(Settings settings) {
             super(settings);
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/AutomatonPredicate.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/AutomatonPredicate.java
index a8a8b0fa655..6f5da52f981 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/AutomatonPredicate.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import dk.brics.automaton.Automaton;
 import dk.brics.automaton.RunAutomaton;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Automatons.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Automatons.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Automatons.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Automatons.java
index 48280b2c599..3b8f6e86c2a 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Automatons.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Automatons.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import dk.brics.automaton.Automaton;
 import dk.brics.automaton.BasicAutomata;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Exceptions.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Exceptions.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Exceptions.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Exceptions.java
index 349a6b70285..0f144ef59f7 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Exceptions.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Exceptions.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/FileAttributesChecker.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/FileAttributesChecker.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/FileAttributesChecker.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/FileAttributesChecker.java
index 3a4b1b88195..6ef8461db82 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/FileAttributesChecker.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/FileAttributesChecker.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import java.io.IOException;
 import java.nio.file.Files;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/NoOpLogger.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/NoOpLogger.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/NoOpLogger.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/NoOpLogger.java
index f5d5cc3376d..073b430cb76 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/NoOpLogger.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/NoOpLogger.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import org.elasticsearch.common.logging.ESLogger;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/OptionalSettings.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/OptionalSettings.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/OptionalSettings.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/OptionalSettings.java
index f916705d97a..58c0fcf50aa 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/OptionalSettings.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/OptionalSettings.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/ShieldFiles.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityFiles.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/ShieldFiles.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityFiles.java
index 2f97577cb69..6348055edaf 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/ShieldFiles.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityFiles.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import org.elasticsearch.env.Environment;
 
@@ -18,9 +18,9 @@ import java.nio.file.StandardOpenOption;
 import java.nio.file.attribute.PosixFileAttributeView;
 import java.nio.file.attribute.PosixFileAttributes;
 
-public class ShieldFiles {
+public class SecurityFiles {
 
-    private ShieldFiles() {
+    private SecurityFiles() {
     }
 
     /**
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/SelfReschedulingRunnable.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/SelfReschedulingRunnable.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/SelfReschedulingRunnable.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/SelfReschedulingRunnable.java
index ce2d945673e..c74e875cfa9 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/SelfReschedulingRunnable.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/SelfReschedulingRunnable.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.unit.TimeValue;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Validation.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Validation.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Validation.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Validation.java
index 6c541bf9413..acb0057b6de 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Validation.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/Validation.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import java.util.regex.Pattern;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ClientTransportFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ClientTransportFilter.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ClientTransportFilter.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ClientTransportFilter.java
index a3d6a0006b1..1c72af62d3e 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ClientTransportFilter.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ClientTransportFilter.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.user.SystemUser;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.user.SystemUser;
 import org.elasticsearch.transport.TransportRequest;
 
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/SSLClientAuth.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLClientAuth.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/SSLClientAuth.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLClientAuth.java
index f6343d151f9..9b47f0265c7 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/SSLClientAuth.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLClientAuth.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import javax.net.ssl.SSLEngine;
 import java.util.Locale;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/SSLExceptionHelper.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLExceptionHelper.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/SSLExceptionHelper.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLExceptionHelper.java
index 41ebc1eeb01..11376649736 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/SSLExceptionHelper.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLExceptionHelper.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.jboss.netty.handler.ssl.NotSslRecordException;
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldClientTransportService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityClientTransportService.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldClientTransportService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityClientTransportService.java
index 73dede2f854..b6de8448652 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldClientTransportService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityClientTransportService.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.inject.Inject;
@@ -17,13 +17,13 @@ import org.elasticsearch.transport.TransportResponse;
 import org.elasticsearch.transport.TransportResponseHandler;
 import org.elasticsearch.transport.TransportService;
 
-public class ShieldClientTransportService extends TransportService {
+public class SecurityClientTransportService extends TransportService {
 
     private final ClientTransportFilter clientFilter;
 
     @Inject
-    public ShieldClientTransportService(Settings settings, Transport transport, ThreadPool threadPool,
-            ClientTransportFilter clientFilter) {
+    public SecurityClientTransportService(Settings settings, Transport transport, ThreadPool threadPool,
+                                          ClientTransportFilter clientFilter) {
         super(settings, transport, threadPool);
         this.clientFilter = clientFilter;
     }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldServerTransportService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldServerTransportService.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java
index 918bc6e7a8e..851f7dc91a9 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldServerTransportService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java
@@ -3,19 +3,19 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.action.ShieldActionMapper;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.authz.AuthorizationService;
-import org.elasticsearch.shield.authz.AuthorizationUtils;
-import org.elasticsearch.shield.authz.accesscontrol.RequestContext;
-import org.elasticsearch.shield.SecurityLicenseState;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
+import org.elasticsearch.xpack.security.action.SecurityActionMapper;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authz.AuthorizationService;
+import org.elasticsearch.xpack.security.authz.AuthorizationUtils;
+import org.elasticsearch.xpack.security.authz.accesscontrol.RequestContext;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 import org.elasticsearch.tasks.Task;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.Transport;
@@ -34,32 +34,32 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.function.Supplier;
 
-import static org.elasticsearch.shield.transport.netty.ShieldNettyTransport.CLIENT_AUTH_SETTING;
-import static org.elasticsearch.shield.transport.netty.ShieldNettyTransport.PROFILE_CLIENT_AUTH_SETTING;
-import static org.elasticsearch.shield.transport.netty.ShieldNettyTransport.SSL_SETTING;
+import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.CLIENT_AUTH_SETTING;
+import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING;
+import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.SSL_SETTING;
 
 /**
  *
  */
-public class ShieldServerTransportService extends TransportService {
+public class SecurityServerTransportService extends TransportService {
 
-    public static final String SETTING_NAME = "shield.type";
+    public static final String SETTING_NAME = "xpack.security.type";
 
     protected final AuthenticationService authcService;
     protected final AuthorizationService authzService;
-    protected final ShieldActionMapper actionMapper;
+    protected final SecurityActionMapper actionMapper;
     protected final ClientTransportFilter clientFilter;
     protected final SecurityLicenseState licenseState;
 
     protected final Map<String, ServerTransportFilter> profileFilters;
 
     @Inject
-    public ShieldServerTransportService(Settings settings, Transport transport, ThreadPool threadPool,
-                                        AuthenticationService authcService,
-                                        AuthorizationService authzService,
-                                        ShieldActionMapper actionMapper,
-                                        ClientTransportFilter clientTransportFilter,
-                                        SecurityLicenseState licenseState) {
+    public SecurityServerTransportService(Settings settings, Transport transport, ThreadPool threadPool,
+                                          AuthenticationService authcService,
+                                          AuthorizationService authzService,
+                                          SecurityActionMapper actionMapper,
+                                          ClientTransportFilter clientTransportFilter,
+                                          SecurityLicenseState licenseState) {
         super(settings, transport, threadPool);
         this.authcService = authcService;
         this.authzService = authzService;
@@ -113,7 +113,7 @@ public class ShieldServerTransportService extends TransportService {
     }
 
     protected Map<String, ServerTransportFilter> initializeProfileFilters() {
-        if (!(transport instanceof ShieldNettyTransport)) {
+        if (!(transport instanceof SecurityNettyTransport)) {
             return Collections.<String, ServerTransportFilter>singletonMap(TransportSettings.DEFAULT_PROFILE,
                     new ServerTransportFilter.NodeProfile(authcService, authzService, actionMapper, threadPool.getThreadContext(), false));
         }
@@ -123,7 +123,7 @@ public class ShieldServerTransportService extends TransportService {
 
         for (Map.Entry<String, Settings> entry : profileSettingsMap.entrySet()) {
             Settings profileSettings = entry.getValue();
-            final boolean profileSsl = ShieldNettyTransport.profileSsl(profileSettings, settings);
+            final boolean profileSsl = SecurityNettyTransport.profileSsl(profileSettings, settings);
             final boolean clientAuth = PROFILE_CLIENT_AUTH_SETTING.get(profileSettings, settings).enabled();
             final boolean extractClientCert = profileSsl && clientAuth;
             String type = entry.getValue().get(SETTING_NAME, "node");
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldTransportModule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityTransportModule.java
similarity index 75%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldTransportModule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityTransportModule.java
index c29fc564a28..5e51f442f60 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ShieldTransportModule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityTransportModule.java
@@ -3,19 +3,19 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.support.AbstractShieldModule;
-import org.elasticsearch.shield.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 
 /**
  *
  */
-public class ShieldTransportModule extends AbstractShieldModule {
+public class SecurityTransportModule extends AbstractSecurityModule {
 
-    public ShieldTransportModule(Settings settings) {
+    public SecurityTransportModule(Settings settings) {
         super(settings);
     }
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ServerTransportFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ServerTransportFilter.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java
index 4fa06c75a59..c4e3b461c07 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/ServerTransportFilter.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.action.ShieldActionMapper;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.authc.pki.PkiRealm;
-import org.elasticsearch.shield.authz.AuthorizationService;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.action.SecurityActionMapper;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authc.pki.PkiRealm;
+import org.elasticsearch.xpack.security.authz.AuthorizationService;
 import org.elasticsearch.transport.DelegatingTransportChannel;
 import org.elasticsearch.transport.TransportChannel;
 import org.elasticsearch.transport.TransportRequest;
@@ -25,11 +25,11 @@ import java.io.IOException;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 
-import static org.elasticsearch.shield.support.Exceptions.authenticationError;
+import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
 
 /**
  * This interface allows to intercept messages as they come in and execute logic
- * This is used in SHIELD to execute the authentication/authorization on incoming
+ * This is used in x-pack security to execute the authentication/authorization on incoming
  * messages.
  * Note that this filter only applies for nodes, but not for clients.
  */
@@ -51,12 +51,12 @@ public interface ServerTransportFilter {
 
         private final AuthenticationService authcService;
         private final AuthorizationService authzService;
-        private final ShieldActionMapper actionMapper;
+        private final SecurityActionMapper actionMapper;
         private final ThreadContext threadContext;
         private final boolean extractClientCert;
 
         public NodeProfile(AuthenticationService authcService, AuthorizationService authzService,
-                           ShieldActionMapper actionMapper, ThreadContext threadContext, boolean extractClientCert) {
+                           SecurityActionMapper actionMapper, ThreadContext threadContext, boolean extractClientCert) {
             this.authcService = authcService;
             this.authzService = authzService;
             this.actionMapper = actionMapper;
@@ -74,7 +74,7 @@ public interface ServerTransportFilter {
              from all the nodes are attached with a user (either a serialize user
              an authentication token
              */
-            String shieldAction = actionMapper.action(action, request);
+            String securityAction = actionMapper.action(action, request);
 
             TransportChannel unwrappedChannel = transportChannel;
             while (unwrappedChannel instanceof DelegatingTransportChannel) {
@@ -101,8 +101,8 @@ public interface ServerTransportFilter {
                 }
             }
 
-            Authentication authentication = authcService.authenticate(shieldAction, request, null);
-            authzService.authorize(authentication, shieldAction, request);
+            Authentication authentication = authcService.authenticate(securityAction, request, null);
+            authzService.authorize(authentication, securityAction, request);
         }
     }
 
@@ -115,7 +115,7 @@ public interface ServerTransportFilter {
     class ClientProfile extends NodeProfile {
 
         public ClientProfile(AuthenticationService authcService, AuthorizationService authzService,
-                             ShieldActionMapper actionMapper, ThreadContext threadContext, boolean extractClientCert) {
+                             SecurityActionMapper actionMapper, ThreadContext threadContext, boolean extractClientCert) {
             super(authcService, authzService, actionMapper, threadContext, extractClientCert);
         }
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java
index ee1724b0f63..1c6de4c1433 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.filter;
+package org.elasticsearch.xpack.security.transport.filter;
 
 
 import org.apache.lucene.util.SetOnce;
@@ -14,11 +14,10 @@ import org.elasticsearch.common.settings.ClusterSettings;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.transport.BoundTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.transport.TransportSettings;
 
 import java.net.InetAddress;
@@ -31,7 +30,7 @@ import java.util.Map;
 import java.util.function.Function;
 
 import static java.util.Collections.unmodifiableMap;
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 public class IPFilter {
 
@@ -71,7 +70,7 @@ public class IPFilter {
             HTTP_FILTER_DENY_FALLBACK, Function.identity(), Property.Dynamic, Property.NodeScope);
 
 
-    public static final ShieldIpFilterRule DEFAULT_PROFILE_ACCEPT_ALL = new ShieldIpFilterRule(true, "default:accept_all") {
+    public static final SecurityIpFilterRule DEFAULT_PROFILE_ACCEPT_ALL = new SecurityIpFilterRule(true, "default:accept_all") {
         @Override
         public boolean contains(InetAddress inetAddress) {
             return true;
@@ -93,7 +92,7 @@ public class IPFilter {
     private final boolean alwaysAllowBoundAddresses;
 
     private final ESLogger logger;
-    private volatile Map<String, ShieldIpFilterRule[]> rules = Collections.emptyMap();
+    private volatile Map<String, SecurityIpFilterRule[]> rules = Collections.emptyMap();
     private volatile boolean isIpFilterEnabled;
     private volatile boolean isHttpFilterEnabled;
     private volatile Map<String, Settings> transportGroups;
@@ -176,7 +175,7 @@ public class IPFilter {
             return true;
         }
 
-        for (ShieldIpFilterRule rule : rules.get(profile)) {
+        for (SecurityIpFilterRule rule : rules.get(profile)) {
             if (rule.contains(peerAddress)) {
                 boolean isAllowed = rule.isAllowRule();
                 if (isAllowed) {
@@ -196,9 +195,9 @@ public class IPFilter {
         this.rules = parseSettings();
     }
 
-    private Map<String, ShieldIpFilterRule[]> parseSettings() {
+    private Map<String, SecurityIpFilterRule[]> parseSettings() {
         if (isIpFilterEnabled || isHttpFilterEnabled) {
-            Map<String, ShieldIpFilterRule[]> profileRules = new HashMap<>();
+            Map<String, SecurityIpFilterRule[]> profileRules = new HashMap<>();
             if (isHttpFilterEnabled && boundHttpTransportAddress.get() != null) {
                 TransportAddress[] localAddresses = boundHttpTransportAddress.get().boundAddresses();
                 profileRules.put(HTTP_PROFILE_NAME, createRules(httpAllowFilter, httpDenyFilter, localAddresses));
@@ -229,23 +228,23 @@ public class IPFilter {
 
     }
 
-    private ShieldIpFilterRule[] createRules(List<String> allow, List<String> deny, TransportAddress[] boundAddresses) {
-        List<ShieldIpFilterRule> rules = new ArrayList<>();
+    private SecurityIpFilterRule[] createRules(List<String> allow, List<String> deny, TransportAddress[] boundAddresses) {
+        List<SecurityIpFilterRule> rules = new ArrayList<>();
         // if we are always going to allow the bound addresses, then the rule for them should be the first rule in the list
         if (alwaysAllowBoundAddresses) {
             assert boundAddresses != null && boundAddresses.length > 0;
-            rules.add(new ShieldIpFilterRule(true, boundAddresses));
+            rules.add(new SecurityIpFilterRule(true, boundAddresses));
         }
 
         // add all rules to the same list. Allow takes precedence so they must come first!
         for (String value : allow) {
-            rules.add(new ShieldIpFilterRule(true, value));
+            rules.add(new SecurityIpFilterRule(true, value));
         }
         for (String value : deny) {
-            rules.add(new ShieldIpFilterRule(false, value));
+            rules.add(new SecurityIpFilterRule(false, value));
         }
 
-        return rules.toArray(new ShieldIpFilterRule[rules.size()]);
+        return rules.toArray(new SecurityIpFilterRule[rules.size()]);
     }
 
     public void setBoundTransportAddress(BoundTransportAddress boundTransportAddress,
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/ShieldIpFilterRule.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/SecurityIpFilterRule.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/ShieldIpFilterRule.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/SecurityIpFilterRule.java
index 642cc661812..d6d26be45be 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/ShieldIpFilterRule.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/SecurityIpFilterRule.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.filter;
+package org.elasticsearch.xpack.security.transport.filter;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.network.InetAddresses;
@@ -22,9 +22,9 @@ import java.util.Arrays;
  * decorator class to have a useful toString() method for an IpFilterRule
  * as this is needed for audit logging
  */
-public class ShieldIpFilterRule implements IpFilterRule {
+public class SecurityIpFilterRule implements IpFilterRule {
 
-    public static final ShieldIpFilterRule ACCEPT_ALL = new ShieldIpFilterRule(true, "accept_all") {
+    public static final SecurityIpFilterRule ACCEPT_ALL = new SecurityIpFilterRule(true, "accept_all") {
         @Override
         public boolean contains(InetAddress inetAddress) {
             return true;
@@ -41,7 +41,7 @@ public class ShieldIpFilterRule implements IpFilterRule {
         }
     };
 
-    public static final ShieldIpFilterRule DENY_ALL = new ShieldIpFilterRule(true, "deny_all") {
+    public static final SecurityIpFilterRule DENY_ALL = new SecurityIpFilterRule(true, "deny_all") {
 
         @Override
         public boolean contains(InetAddress inetAddress) {
@@ -62,12 +62,12 @@ public class ShieldIpFilterRule implements IpFilterRule {
     private final IpFilterRule ipFilterRule;
     private final String ruleSpec;
 
-    public ShieldIpFilterRule(boolean isAllowRule, String ruleSpec) {
+    public SecurityIpFilterRule(boolean isAllowRule, String ruleSpec) {
         this.ipFilterRule = getRule(isAllowRule, ruleSpec);
         this.ruleSpec = ruleSpec;
     }
 
-    ShieldIpFilterRule(boolean isAllowRule, TransportAddress... addresses) {
+    SecurityIpFilterRule(boolean isAllowRule, TransportAddress... addresses) {
         this.ruleSpec = getRuleSpec(addresses);
         this.ipFilterRule = getRule(isAllowRule, ruleSpec);
     }
@@ -119,7 +119,7 @@ public class ShieldIpFilterRule implements IpFilterRule {
                 return new IpSubnetFilterRule(isAllowRule, value);
             } catch (UnknownHostException e) {
                 String ruleType = (isAllowRule ? "allow " : "deny ");
-                throw new ElasticsearchException("unable to create shield filter for rule [" + ruleType + " " + value + "]", e);
+                throw new ElasticsearchException("unable to create ip filter for rule [" + ruleType + " " + value + "]", e);
             }
         }
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandler.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/HandshakeWaitingHandler.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandler.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/HandshakeWaitingHandler.java
index f0f8f792f64..c1ffc1fe1a1 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandler.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/HandshakeWaitingHandler.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
 import org.elasticsearch.common.logging.ESLogger;
 import org.jboss.netty.channel.ChannelFuture;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandler.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/IPFilterNettyUpstreamHandler.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandler.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/IPFilterNettyUpstreamHandler.java
index 1149c72cb35..86cadb1e189 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandler.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/IPFilterNettyUpstreamHandler.java
@@ -3,9 +3,9 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
-import org.elasticsearch.shield.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.jboss.netty.channel.ChannelEvent;
 import org.jboss.netty.channel.ChannelHandler;
 import org.jboss.netty.channel.ChannelHandlerContext;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyHttpServerTransport.java
similarity index 84%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyHttpServerTransport.java
index 51545e62a75..bf76ed25999 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyHttpServerTransport.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.network.NetworkService;
@@ -13,10 +13,10 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.http.netty.NettyHttpServerTransport;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.ssl.ServerSSLService;
-import org.elasticsearch.shield.transport.SSLClientAuth;
-import org.elasticsearch.shield.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.ServerSSLService;
+import org.elasticsearch.xpack.security.transport.SSLClientAuth;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.jboss.netty.channel.ChannelHandlerContext;
 import org.jboss.netty.channel.ChannelPipeline;
@@ -30,14 +30,14 @@ import java.util.Collections;
 import java.util.List;
 
 import static org.elasticsearch.http.HttpTransportSettings.SETTING_HTTP_COMPRESSION;
-import static org.elasticsearch.shield.Security.setting;
-import static org.elasticsearch.shield.transport.SSLExceptionHelper.isCloseDuringHandshakeException;
-import static org.elasticsearch.shield.transport.SSLExceptionHelper.isNotSslRecordException;
+import static org.elasticsearch.xpack.security.Security.setting;
+import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isCloseDuringHandshakeException;
+import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException;
 
 /**
  *
  */
-public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
+public class SecurityNettyHttpServerTransport extends NettyHttpServerTransport {
 
     public static final boolean SSL_DEFAULT = false;
     public static final String CLIENT_AUTH_DEFAULT = SSLClientAuth.NO.name();
@@ -55,8 +55,8 @@ public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
     private final Settings sslSettings;
 
     @Inject
-    public ShieldNettyHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, IPFilter ipFilter,
-                                          ServerSSLService sslService, ThreadPool threadPool) {
+    public SecurityNettyHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, IPFilter ipFilter,
+                                            ServerSSLService sslService, ThreadPool threadPool) {
         super(settings, networkService, bigArrays, threadPool);
         this.ipFilter = ipFilter;
         this.ssl = SSL_SETTING.get(settings);
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransport.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransport.java
index 604c67d1f14..76cfb443b43 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransport.java
@@ -3,9 +3,8 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
-import org.elasticsearch.Version;
 import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.inject.internal.Nullable;
@@ -14,13 +13,12 @@ import org.elasticsearch.common.network.NetworkService;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.indices.breaker.CircuitBreakerService;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.ssl.ServerSSLService;
-import org.elasticsearch.shield.transport.SSLClientAuth;
-import org.elasticsearch.shield.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.ssl.ServerSSLService;
+import org.elasticsearch.xpack.security.transport.SSLClientAuth;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.netty.NettyTransport;
 import org.jboss.netty.channel.ChannelHandlerContext;
@@ -36,16 +34,16 @@ import javax.net.ssl.SSLParameters;
 import java.net.InetSocketAddress;
 import java.util.List;
 
-import static org.elasticsearch.shield.Security.featureEnabledSetting;
-import static org.elasticsearch.shield.Security.setting;
-import static org.elasticsearch.shield.Security.settingPrefix;
-import static org.elasticsearch.shield.transport.SSLExceptionHelper.isCloseDuringHandshakeException;
-import static org.elasticsearch.shield.transport.SSLExceptionHelper.isNotSslRecordException;
+import static org.elasticsearch.xpack.security.Security.featureEnabledSetting;
+import static org.elasticsearch.xpack.security.Security.setting;
+import static org.elasticsearch.xpack.security.Security.settingPrefix;
+import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isCloseDuringHandshakeException;
+import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException;
 
 /**
  *
  */
-public class ShieldNettyTransport extends NettyTransport {
+public class SecurityNettyTransport extends NettyTransport {
 
     public static final String CLIENT_AUTH_DEFAULT = SSLClientAuth.REQUIRED.name();
     public static final boolean SSL_DEFAULT = false;
@@ -83,7 +81,7 @@ public class ShieldNettyTransport extends NettyTransport {
     private final boolean ssl;
 
     @Inject
-    public ShieldNettyTransport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays,
+    public SecurityNettyTransport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays,
                                 @Nullable IPFilter authenticator, @Nullable ServerSSLService serverSSLService,
                                 ClientSSLService clientSSLService, NamedWriteableRegistry namedWriteableRegistry,
                                 CircuitBreakerService circuitBreakerService) {
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/AnonymousUser.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/AnonymousUser.java
index 55742e31f2b..505f76161db 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/AnonymousUser.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsModule;
-import org.elasticsearch.shield.user.User.ReservedUser;
+import org.elasticsearch.xpack.security.user.User.ReservedUser;
 
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
-import static org.elasticsearch.shield.Security.setting;
+import static org.elasticsearch.xpack.security.Security.setting;
 
 /**
  * The user object for the anonymous user. This class needs to be instantiated with the <code>initialize</code> method since the values
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/ElasticUser.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/ElasticUser.java
index 9cd0840fb18..6f99a7cb493 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/ElasticUser.java
@@ -3,10 +3,10 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
-import org.elasticsearch.shield.authz.permission.SuperuserRole;
-import org.elasticsearch.shield.user.User.ReservedUser;
+import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
+import org.elasticsearch.xpack.security.user.User.ReservedUser;
 
 /**
  * The reserved {@code elastic} superuser. As full permission/access to the cluster/indices and can
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/KibanaUser.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/KibanaUser.java
similarity index 81%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/KibanaUser.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/KibanaUser.java
index 99a8f2cc88e..4a462e7acee 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/KibanaUser.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/KibanaUser.java
@@ -3,10 +3,10 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
-import org.elasticsearch.shield.authz.permission.KibanaRole;
-import org.elasticsearch.shield.user.User.ReservedUser;
+import org.elasticsearch.xpack.security.authz.permission.KibanaRole;
+import org.elasticsearch.xpack.security.user.User.ReservedUser;
 
 /**
  *
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/SystemUser.java
similarity index 80%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/SystemUser.java
index 2f2ed7a6c80..c571b8dabd1 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/SystemUser.java
@@ -3,16 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
-import org.elasticsearch.shield.authz.privilege.SystemPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.SystemPrivilege;
 
 import java.util.function.Predicate;
 
 /**
- * Shield internal user that manages the {@code .shield}
- * index. Has permission to monitor the cluster as well as all actions that deal
- * with the shield admin index.
+ * Internal user that is applied to all requests made elasticsearch itself
  */
 public class SystemUser extends User {
 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/User.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/User.java
index 9818e745421..57bdd982d15 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/User.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.ParseField;
@@ -13,7 +13,7 @@ import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
 
 
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/XPackUser.java
similarity index 80%
rename from elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java
rename to elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/XPackUser.java
index 059eb454f30..42006c30828 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/user/XPackUser.java
@@ -3,14 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
-import org.elasticsearch.shield.authz.permission.SuperuserRole;
-import org.elasticsearch.shield.user.User.ReservedUser;
+import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
+import org.elasticsearch.xpack.security.user.User.ReservedUser;
 
 /**
- * XPack internal user that manages xpack. Has all cluster/indices permissions for watcher,
- * shield and monitoring to operate.
+ * XPack internal user that manages xpack. Has all cluster/indices permissions for x-pack to operate.
  */
 public class XPackUser extends User {
 
diff --git a/elasticsearch/x-pack/shield/src/main/resources/org/elasticsearch/shield/crypto/tool/syskey-generate.help b/elasticsearch/x-pack/security/src/main/resources/org/elasticsearch/xpack/security/crypto/tool/syskey-generate.help
similarity index 86%
rename from elasticsearch/x-pack/shield/src/main/resources/org/elasticsearch/shield/crypto/tool/syskey-generate.help
rename to elasticsearch/x-pack/security/src/main/resources/org/elasticsearch/xpack/security/crypto/tool/syskey-generate.help
index c4dc6c228e9..f754cf0ea30 100644
--- a/elasticsearch/x-pack/shield/src/main/resources/org/elasticsearch/shield/crypto/tool/syskey-generate.help
+++ b/elasticsearch/x-pack/security/src/main/resources/org/elasticsearch/xpack/security/crypto/tool/syskey-generate.help
@@ -10,7 +10,7 @@ DESCRIPTION
 
     Generates the system key and stores in the system_key file. By default
     it will be stored in 'config/x-pack/system_key' file. If the file location
-    is customized in the elasticsearch.yml (under the 'shield.system_key.file'
+    is customized in the elasticsearch.yml (under the 'xpack.security.system_key.file'
     setting), the generated key will be stored in that custom location.
 
     It is also possible to pass the file location (where the key will be stored)
diff --git a/elasticsearch/x-pack/shield/src/main/resources/security-index-template.json b/elasticsearch/x-pack/security/src/main/resources/security-index-template.json
similarity index 100%
rename from elasticsearch/x-pack/shield/src/main/resources/security-index-template.json
rename to elasticsearch/x-pack/security/src/main/resources/security-index-template.json
diff --git a/elasticsearch/x-pack/shield/src/main/resources/shield_audit_log.json b/elasticsearch/x-pack/security/src/main/resources/security_audit_log.json
similarity index 97%
rename from elasticsearch/x-pack/shield/src/main/resources/shield_audit_log.json
rename to elasticsearch/x-pack/security/src/main/resources/security_audit_log.json
index cb7f86602c8..940cc7d9c5c 100644
--- a/elasticsearch/x-pack/shield/src/main/resources/shield_audit_log.json
+++ b/elasticsearch/x-pack/security/src/main/resources/security_audit_log.json
@@ -1,5 +1,5 @@
 {
-  "template": ".shield_audit_log*",
+  "template": ".security_audit_log*",
   "order": 2147483647,
   "settings": {
     "index.mapper.dynamic" : false
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/bench/HasherBenchmark.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/bench/HasherBenchmark.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/bench/HasherBenchmark.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/bench/HasherBenchmark.java
index 3400aba7d1f..eb04e7b0b4d 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/bench/HasherBenchmark.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/bench/HasherBenchmark.java
@@ -11,8 +11,8 @@ import com.carrotsearch.randomizedtesting.generators.RandomStrings;
 import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.metrics.MeanMetric;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 
 @SuppressForbidden(reason = "benchmark")
 public class HasherBenchmark {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/http/netty/NettyHttpMockUtil.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/http/netty/NettyHttpMockUtil.java
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/http/netty/NettyHttpMockUtil.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/http/netty/NettyHttpMockUtil.java
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java
index efc3f2109cd..2b98af55f07 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java
@@ -8,10 +8,10 @@ package org.elasticsearch.integration;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.junit.After;
@@ -28,7 +28,7 @@ import static org.hamcrest.Matchers.not;
 /**
  * a helper class that contains a couple of HTTP helper methods
  */
-public abstract class AbstractPrivilegeTestCase extends ShieldIntegTestCase {
+public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
 
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java
index 4c0f825a143..4114e171200 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java
@@ -10,11 +10,11 @@ import org.elasticsearch.action.get.GetResponse;
 import org.elasticsearch.action.update.UpdateResponse;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.elasticsearch.xpack.XPackPlugin;
 
@@ -24,7 +24,7 @@ import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 
-public class BulkUpdateTests extends ShieldIntegTestCase {
+public class BulkUpdateTests extends SecurityIntegTestCase {
 
     @Override
     public Settings nodeSettings(int nodeOrdinal) {
@@ -69,8 +69,8 @@ public class BulkUpdateTests extends ShieldIntegTestCase {
 
     public void testThatBulkUpdateDoesNotLoseFieldsHttp() throws IOException {
         final String path = "/index1/type/1";
-        final String basicAuthHeader = UsernamePasswordToken.basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME,
-                new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray()));
+        final String basicAuthHeader = UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
+                new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()));
 
         httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("PUT").body("{\"test\":\"test\"}").execute();
         HttpResponse response = httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("GET").execute();
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
index 303b3e90ca0..aacc4444afd 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
@@ -12,18 +12,18 @@ import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheResponse;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.Realms;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.client.SecurityClient;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheResponse;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.Realms;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.client.SecurityClient;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.junit.BeforeClass;
@@ -47,7 +47,7 @@ import static org.hamcrest.Matchers.sameInstance;
 /**
  *
  */
-public class ClearRealmsCacheTests extends ShieldIntegTestCase {
+public class ClearRealmsCacheTests extends SecurityIntegTestCase {
     private static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
 
     private static String[] usernames;
@@ -177,8 +177,8 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
                     requestBuilder.addParam(entry.getKey(), entry.getValue());
                 }
                 requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
-                        UsernamePasswordToken.basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME,
-                                new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())));
+                        UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
+                                new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
                 HttpResponse response = requestBuilder.execute();
                 assertThat(response.hasBody(), is(true));
                 String body = response.getBody();
@@ -201,14 +201,14 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
 
     @Override
     protected String configRoles() {
-        return ShieldSettingsSource.CONFIG_ROLE_ALLOW_ALL + "\n" +
+        return SecuritySettingsSource.CONFIG_ROLE_ALLOW_ALL + "\n" +
                 "r1:\n" +
                 "  cluster: all\n";
     }
 
     @Override
     protected String configUsers() {
-        StringBuilder builder = new StringBuilder(ShieldSettingsSource.CONFIG_STANDARD_USER);
+        StringBuilder builder = new StringBuilder(SecuritySettingsSource.CONFIG_STANDARD_USER);
         for (String username : usernames) {
             builder.append(username).append(":").append(USERS_PASSWD_HASHED).append("\n");
         }
@@ -217,7 +217,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
 
     @Override
     protected String configUsersRoles() {
-        return ShieldSettingsSource.CONFIG_STANDARD_USER_ROLES +
+        return SecuritySettingsSource.CONFIG_STANDARD_USER_ROLES +
                 "r1:" + Strings.arrayToCommaDelimitedString(usernames);
     }
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java
index c2790d94f18..bec5a581aa3 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java
@@ -13,16 +13,16 @@ import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.ShieldTemplateService;
-import org.elasticsearch.shield.action.role.GetRolesResponse;
-import org.elasticsearch.shield.action.role.PutRoleResponse;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.action.role.GetRolesResponse;
+import org.elasticsearch.xpack.security.action.role.PutRoleResponse;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 import org.elasticsearch.test.NativeRealmIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -38,7 +38,7 @@ import static org.hamcrest.Matchers.notNullValue;
 
 
 /**
- * Test for the Shield clear roles API that changes the polling aspect of shield to only run once an hour in order to
+ * Test for the clear roles API that changes the polling aspect of security to only run once an hour in order to
  * test the cache clearing APIs.
  */
 public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
@@ -65,7 +65,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
             logger.debug("--> created role [{}]", role);
         }
 
-        ensureGreen(ShieldTemplateService.SECURITY_INDEX_NAME);
+        ensureGreen(SecurityTemplateService.SECURITY_INDEX_NAME);
 
         // warm up the caches on every node
         for (NativeRolesStore rolesStore : internalCluster().getInstances(NativeRolesStore.class)) {
@@ -113,7 +113,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
         logger.debug("--> modifying roles {} to have run_as", toModify);
         final boolean refresh = randomBoolean();
         for (String role : toModify) {
-            UpdateResponse response = internalClient().prepareUpdate().setId(role).setIndex(ShieldTemplateService.SECURITY_INDEX_NAME)
+            UpdateResponse response = internalClient().prepareUpdate().setId(role).setIndex(SecurityTemplateService.SECURITY_INDEX_NAME)
                     .setType(NativeRolesStore.ROLE_DOC_TYPE)
                     .setDoc("run_as", new String[] { role })
                     .setRefreshPolicy(refresh ? IMMEDIATE : NONE)
@@ -138,8 +138,8 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
             }
             HttpResponse response = httpClient().path(path).method("POST")
                     .addHeader("Authorization",
-                            UsernamePasswordToken.basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME,
-                                    new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())))
+                            UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
+                                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
                     .execute();
             assertThat(response.getStatusCode(), is(RestStatus.OK.getStatus()));
         } else {
@@ -158,7 +158,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
         logger.debug("--> deleting role [{}]", role);
         final boolean refresh = randomBoolean();
         DeleteResponse response = internalClient()
-                .prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME, NativeRolesStore.ROLE_DOC_TYPE, role)
+                .prepareDelete(SecurityTemplateService.SECURITY_INDEX_NAME, NativeRolesStore.ROLE_DOC_TYPE, role)
                 .setRefreshPolicy(refresh ? IMMEDIATE : NONE)
                 .get();
         assertThat(response.isFound(), is(true));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java
index 36f8ff1083a..2f2003db155 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java
@@ -17,19 +17,19 @@ import org.elasticsearch.client.Client;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.query.QueryBuilders;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 
 import java.util.Collections;
 
 import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
 import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.NONE;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
-public class DateMathExpressionIntegTests extends ShieldIntegTestCase {
+public class DateMathExpressionIntegTests extends SecurityIntegTestCase {
 
     protected static final SecuredString USERS_PASSWD = new SecuredString("change_me".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(USERS_PASSWD));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java
index 8869367b79f..b5e963aeb65 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java
@@ -9,17 +9,17 @@ import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.IndexModule;
 import org.elasticsearch.search.sort.SortOrder;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
 import java.util.Collections;
 
 import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertSearchHits;
@@ -27,7 +27,7 @@ import static org.hamcrest.Matchers.equalTo;
 
 /**
  */
-public class DocumentAndFieldLevelSecurityTests extends ShieldIntegTestCase {
+public class DocumentAndFieldLevelSecurityTests extends SecurityIntegTestCase {
 
     protected static final SecuredString USERS_PASSWD = new SecuredString("change_me".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(USERS_PASSWD));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java
index 8e160da372d..c449475cc56 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java
@@ -10,24 +10,24 @@ import org.elasticsearch.action.index.IndexRequestBuilder;
 import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.query.QueryBuilders;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.hamcrest.Matchers.equalTo;
 
 /**
  */
-public class DocumentLevelSecurityRandomTests extends ShieldIntegTestCase {
+public class DocumentLevelSecurityRandomTests extends SecurityIntegTestCase {
 
     protected static final SecuredString USERS_PASSWD = new SecuredString("change_me".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("change_me".toCharArray())));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java
index f2fd3632f5a..0a9b368029b 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java
@@ -25,10 +25,10 @@ import org.elasticsearch.search.aggregations.bucket.children.Children;
 import org.elasticsearch.search.aggregations.bucket.global.Global;
 import org.elasticsearch.search.aggregations.bucket.terms.Terms;
 import org.elasticsearch.search.sort.SortOrder;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
 import java.util.Collections;
@@ -38,8 +38,8 @@ import static org.elasticsearch.index.query.QueryBuilders.hasChildQuery;
 import static org.elasticsearch.index.query.QueryBuilders.hasParentQuery;
 import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
 import static org.elasticsearch.index.query.QueryBuilders.termQuery;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
@@ -49,7 +49,7 @@ import static org.hamcrest.Matchers.is;
 
 /**
  */
-public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
+public class DocumentLevelSecurityTests extends SecurityIntegTestCase {
 
     protected static final SecuredString USERS_PASSWD = new SecuredString("change_me".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(USERS_PASSWD));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java
index 541bb73623f..5d3e27d21f3 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java
@@ -10,10 +10,10 @@ import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.query.QueryBuilders;
 import org.elasticsearch.search.sort.SortOrder;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
 import java.util.ArrayList;
@@ -26,13 +26,13 @@ import java.util.Set;
 
 import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
 import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
 import static org.hamcrest.Matchers.equalTo;
 
-public class FieldLevelSecurityRandomTests extends ShieldIntegTestCase {
+public class FieldLevelSecurityRandomTests extends SecurityIntegTestCase {
 
     protected static final SecuredString USERS_PASSWD = new SecuredString("change_me".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("change_me".toCharArray())));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java
index 64c9a08bdbe..20569ae8b68 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java
@@ -23,11 +23,11 @@ import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.search.aggregations.AggregationBuilders;
 import org.elasticsearch.search.aggregations.bucket.terms.Terms;
 import org.elasticsearch.search.sort.SortOrder;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.ESIntegTestCase;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
 import java.util.Collections;
@@ -38,8 +38,8 @@ import static org.elasticsearch.index.query.QueryBuilders.existsQuery;
 import static org.elasticsearch.index.query.QueryBuilders.hasChildQuery;
 import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
 import static org.elasticsearch.index.query.QueryBuilders.termQuery;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
@@ -49,7 +49,7 @@ import static org.hamcrest.Matchers.nullValue;
 
 // The random usage of meta fields such as _timestamp add noise to the test, so disable random index templates:
 @ESIntegTestCase.ClusterScope(randomDynamicTemplates = false)
-public class FieldLevelSecurityTests extends ShieldIntegTestCase {
+public class FieldLevelSecurityTests extends SecurityIntegTestCase {
 
     protected static final SecuredString USERS_PASSWD = new SecuredString("change_me".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("change_me".toCharArray())));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java
index 068b3f97ef4..e4308549ab2 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java
@@ -8,23 +8,23 @@ package org.elasticsearch.integration;
 import org.elasticsearch.action.admin.indices.alias.Alias;
 import org.elasticsearch.action.get.GetResponse;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
 import java.util.Collections;
 
 import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.hamcrest.Matchers.equalTo;
 
 /**
  */
-public class IndicesPermissionsWithAliasesWildcardsAndRegexsTests extends ShieldIntegTestCase {
+public class IndicesPermissionsWithAliasesWildcardsAndRegexsTests extends SecurityIntegTestCase {
 
     protected static final SecuredString USERS_PASSWD = new SecuredString("change_me".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("change_me".toCharArray())));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java
index 372426e4751..0fd125570a1 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java
@@ -17,10 +17,10 @@ import org.elasticsearch.action.index.IndexResponse;
 import org.elasticsearch.action.search.MultiSearchResponse;
 import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.index.query.QueryBuilders;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.test.SecurityIntegTestCase;
 
 import java.util.Locale;
 
@@ -35,7 +35,7 @@ import static org.hamcrest.Matchers.notNullValue;
 /**
  *
  */
-public class KibanaUserRoleIntegTests extends ShieldIntegTestCase {
+public class KibanaUserRoleIntegTests extends SecurityIntegTestCase {
 
     protected static final SecuredString USERS_PASSWD = new SecuredString("change_me".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("change_me".toCharArray())));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/LicensingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/LicensingTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java
index 550d280eaf6..ab82c4f4ed5 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/LicensingTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java
@@ -30,10 +30,10 @@ import org.elasticsearch.license.plugin.core.LicenseState;
 import org.elasticsearch.license.plugin.core.Licensee;
 import org.elasticsearch.license.plugin.core.LicenseeRegistry;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.junit.After;
@@ -53,9 +53,9 @@ import static org.hamcrest.Matchers.notNullValue;
 /**
  *
  */
-public class LicensingTests extends ShieldIntegTestCase {
+public class LicensingTests extends SecurityIntegTestCase {
     public static final String ROLES =
-            ShieldSettingsSource.DEFAULT_ROLE + ":\n" +
+            SecuritySettingsSource.DEFAULT_ROLE + ":\n" +
                     "  cluster: [ all ]\n" +
                     "  indices:\n" +
                     "    - names: '*'\n" +
@@ -78,12 +78,12 @@ public class LicensingTests extends ShieldIntegTestCase {
                     "      privileges: [all]\n";
 
     public static final String USERS =
-            ShieldSettingsSource.CONFIG_STANDARD_USER +
+            SecuritySettingsSource.CONFIG_STANDARD_USER +
                     "user_a:{plain}passwd\n" +
                     "user_b:{plain}passwd\n";
 
     public static final String USERS_ROLES =
-            ShieldSettingsSource.CONFIG_STANDARD_USER_ROLES +
+            SecuritySettingsSource.CONFIG_STANDARD_USER_ROLES +
                     "role_a:user_a,user_b\n" +
                     "role_b:user_b\n";
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java
index d017c47befd..a5425d3355f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java
@@ -11,29 +11,29 @@ import org.elasticsearch.action.search.MultiSearchResponse;
 import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 
 import java.util.Collections;
 
 import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
 import static org.elasticsearch.index.query.QueryBuilders.indicesQuery;
 import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
 import static org.hamcrest.Matchers.is;
 
-public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase {
+public class MultipleIndicesPermissionsTests extends SecurityIntegTestCase {
     protected static final SecuredString PASSWD = new SecuredString("passwd".toCharArray());
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(PASSWD));
 
     @Override
     protected String configRoles() {
-        return ShieldSettingsSource.DEFAULT_ROLE + ":\n" +
+        return SecuritySettingsSource.DEFAULT_ROLE + ":\n" +
                 "  cluster: [ all ]\n" +
                 "  indices:\n" +
                 "    - names: '*'\n" +
@@ -58,14 +58,14 @@ public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase {
 
     @Override
     protected String configUsers() {
-        return ShieldSettingsSource.CONFIG_STANDARD_USER +
+        return SecuritySettingsSource.CONFIG_STANDARD_USER +
                 "user_a:" + USERS_PASSWD_HASHED + "\n" +
                 "user_ab:" + USERS_PASSWD_HASHED + "\n";
     }
 
     @Override
     protected String configUsersRoles() {
-        return ShieldSettingsSource.CONFIG_STANDARD_USER_ROLES +
+        return SecuritySettingsSource.CONFIG_STANDARD_USER_ROLES +
                 "role_a:user_a,user_ab\n" +
                 "role_b:user_ab\n";
     }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java
index f6be64f2316..be3299b34d8 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java
@@ -10,29 +10,29 @@ import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResp
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.test.SecurityIntegTestCase;
 
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.hamcrest.Matchers.hasSize;
 
 /**
  * This test makes sure that if an action is a cluster action (according to our
- * internal categorization in shield), then we apply the cluster priv checks and don't
+ * internal categorization in security), then we apply the cluster priv checks and don't
  * fallback on the indices privs at all. In particular, this is useful when we want to treat
  * actions that are normally categorized as index actions as cluster actions - for example,
  * index template actions.
  */
-public class PermissionPrecedenceTests extends ShieldIntegTestCase {
+public class PermissionPrecedenceTests extends SecurityIntegTestCase {
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("test123".toCharArray())));
 
     @Override
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
index 9ed9106a197..bf76bfe7ac0 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
@@ -10,20 +10,20 @@ import org.elasticsearch.ExceptionsHelper;
 import org.elasticsearch.action.index.IndexRequestBuilder;
 import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.crypto.CryptoService;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
+import org.elasticsearch.test.SecurityIntegTestCase;
 
 import java.util.Locale;
 
 import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 
-public class ScrollIdSigningTests extends ShieldIntegTestCase {
+public class ScrollIdSigningTests extends SecurityIntegTestCase {
     public void testSearchAndClearScroll() throws Exception {
         IndexRequestBuilder[] docs = new IndexRequestBuilder[randomIntBetween(20, 100)];
         for (int i = 0; i < docs.length; i++) {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/SecurityClearScrollTests.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/SecurityClearScrollTests.java
index 4d050ad6704..7013f657405 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/SecurityClearScrollTests.java
@@ -12,10 +12,10 @@ import org.elasticsearch.action.search.ClearScrollResponse;
 import org.elasticsearch.action.search.MultiSearchRequestBuilder;
 import org.elasticsearch.action.search.MultiSearchResponse;
 import org.elasticsearch.action.search.SearchPhaseExecutionException;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.junit.After;
 import org.junit.Before;
 
@@ -25,13 +25,13 @@ import java.util.List;
 import java.util.Map;
 
 import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
-public class ShieldClearScrollTests extends ShieldIntegTestCase {
+public class SecurityClearScrollTests extends SecurityIntegTestCase {
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("change_me".toCharArray())));
 
     private List<String> scrollIds;
@@ -87,10 +87,10 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase {
     }
 
     public void testThatClearingAllScrollIdsWorks() throws Exception {
-        String shieldUser = "allowed_user:change_me";
+        String user = "allowed_user:change_me";
         String basicAuth = basicAuthHeaderValue("allowed_user", new SecuredString("change_me".toCharArray()));
         Map<String, String> headers = new HashMap<>();
-        headers.put(Security.USER_SETTING.getKey(), shieldUser);
+        headers.put(Security.USER_SETTING.getKey(), user);
         headers.put(BASIC_AUTH_HEADER, basicAuth);
         ClearScrollResponse clearScrollResponse = internalCluster().transportClient().filterWithHeader(headers)
             .prepareClearScroll()
@@ -101,10 +101,10 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase {
     }
 
     public void testThatClearingAllScrollIdsRequirePermissions() throws Exception {
-        String shieldUser = "denied_user:change_me";
+        String user = "denied_user:change_me";
         String basicAuth = basicAuthHeaderValue("denied_user", new SecuredString("change_me".toCharArray()));
         Map<String, String> headers = new HashMap<>();
-        headers.put(Security.USER_SETTING.getKey(), shieldUser);
+        headers.put(Security.USER_SETTING.getKey(), user);
         headers.put(BASIC_AUTH_HEADER, basicAuth);
         assertThrows(internalCluster().transportClient().filterWithHeader(headers)
                 .prepareClearScroll()
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java
similarity index 65%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java
index 9e33a80f555..f271a375067 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java
@@ -11,12 +11,12 @@ import org.elasticsearch.action.index.IndexResponse;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.activedirectory.ActiveDirectoryRealm;
-import org.elasticsearch.shield.authc.ldap.LdapRealm;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectoryRealm;
+import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
@@ -25,10 +25,10 @@ import java.nio.file.Path;
 import java.util.Collections;
 
 import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
-import static org.elasticsearch.shield.authc.ldap.support.LdapSearchScope.ONE_LEVEL;
-import static org.elasticsearch.shield.authc.ldap.support.LdapSearchScope.SUB_TREE;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope.ONE_LEVEL;
+import static org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope.SUB_TREE;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.test.SecurityTestUtils.writeFile;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 
@@ -37,13 +37,13 @@ import static org.hamcrest.Matchers.is;
  * This test assumes all subclass tests will be of type SUITE.  It picks a random realm configuration for the tests, and
  * writes a group to role mapping file for each node.
  */
-abstract public class AbstractAdLdapRealmTestCase extends ShieldIntegTestCase {
+abstract public class AbstractAdLdapRealmTestCase extends SecurityIntegTestCase {
 
-    public static final String SHIELD_AUTHC_REALMS_EXTERNAL = "xpack.security.authc.realms.external";
+    public static final String XPACK_SECURITY_AUTHC_REALMS_EXTERNAL = "xpack.security.authc.realms.external";
     public static final String PASSWORD = "NickFuryHeartsES";
     public static final String ASGARDIAN_INDEX = "gods";
     public static final String PHILANTHROPISTS_INDEX = "philanthropists";
-    public static final String SHIELD_INDEX = "shield";
+    public static final String SECURITY_INDEX = "security";
     private static final String AD_ROLE_MAPPING =
             "SHIELD:  [ \"CN=SHIELD,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com\" ] \n" +
                     "Avengers:  [ \"CN=Avengers,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com\" ] \n" +
@@ -76,11 +76,12 @@ abstract public class AbstractAdLdapRealmTestCase extends ShieldIntegTestCase {
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
         Path nodeFiles = createTempDir();
-        Path store = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+        Path store = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
         Settings.Builder builder = Settings.builder()
                 .put(super.nodeSettings(nodeOrdinal))
                 .put(realmConfig.buildSettings(store, "testnode"))
-                .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".files.role_mapping", writeFile(nodeFiles, "role_mapping.yml", configRoleMappings()));
+                .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".files.role_mapping", writeFile(nodeFiles, "role_mapping.yml",
+                        configRoleMappings()));
         if (sslEnabled == false && useGlobalSSL) {
             builder.put(sslSettingsForStore(store, "testnode"));
         }
@@ -108,7 +109,7 @@ abstract public class AbstractAdLdapRealmTestCase extends ShieldIntegTestCase {
                 "SHIELD:\n" +
                 "  cluster: [ NONE ]\n" +
                 "  indices:\n" +
-                "    - names: '" + SHIELD_INDEX + "'\n" +
+                "    - names: '" + SECURITY_INDEX + "'\n" +
                 "      privileges: [ all ]\n" +
                 "Gods:\n" +
                 "  cluster: [ NONE ]\n" +
@@ -165,7 +166,7 @@ abstract public class AbstractAdLdapRealmTestCase extends ShieldIntegTestCase {
         return Settings.builder()
                 .put("xpack.security.ssl.keystore.path", store)
                 .put("xpack.security.ssl.keystore.password", password)
-                .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
+                .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
                 .put("xpack.security.ssl.truststore.path", store)
                 .put("xpack.security.ssl.truststore.password", password).build();
     }
@@ -177,47 +178,50 @@ abstract public class AbstractAdLdapRealmTestCase extends ShieldIntegTestCase {
 
         AD(false, AD_ROLE_MAPPING,
                 Settings.builder()
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".type", ActiveDirectoryRealm.TYPE)
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".domain_name", "ad.test.elasticsearch.com")
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".group_search.base_dn", "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".group_search.scope", randomBoolean() ? SUB_TREE : ONE_LEVEL)
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".type", ActiveDirectoryRealm.TYPE)
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".domain_name", "ad.test.elasticsearch.com")
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL
+                                + ".group_search.base_dn", "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".group_search.scope", randomBoolean() ? SUB_TREE : ONE_LEVEL)
                         .build()),
 
         AD_SSL(false, AD_ROLE_MAPPING,
                 Settings.builder()
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".type", ActiveDirectoryRealm.TYPE)
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".domain_name", "ad.test.elasticsearch.com")
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".group_search.base_dn", "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".group_search.scope", randomBoolean() ? SUB_TREE : ONE_LEVEL)
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".url", "ldap://ad.test.elasticsearch.com:389")
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".type", ActiveDirectoryRealm.TYPE)
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".domain_name", "ad.test.elasticsearch.com")
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL
+                                + ".group_search.base_dn", "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".group_search.scope", randomBoolean() ? SUB_TREE : ONE_LEVEL)
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".url", "ldap://ad.test.elasticsearch.com:389")
                         .build()),
 
         AD_LDAP_GROUPS_FROM_SEARCH(true, AD_ROLE_MAPPING,
                 Settings.builder()
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".type", LdapRealm.TYPE)
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".url", "ldaps://ad.test.elasticsearch.com:636")
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".group_search.base_dn", "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".group_search.scope", randomBoolean() ? SUB_TREE : ONE_LEVEL)
-                        .putArray(SHIELD_AUTHC_REALMS_EXTERNAL + ".user_dn_templates",
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".type", LdapRealm.TYPE)
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".url", "ldaps://ad.test.elasticsearch.com:636")
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL
+                                + ".group_search.base_dn", "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".group_search.scope", randomBoolean() ? SUB_TREE : ONE_LEVEL)
+                        .putArray(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".user_dn_templates",
                                 "cn={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
                         .build()),
 
         AD_LDAP_GROUPS_FROM_ATTRIBUTE(true, AD_ROLE_MAPPING,
                 Settings.builder()
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".type", LdapRealm.TYPE)
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".url", "ldaps://ad.test.elasticsearch.com:636")
-                        .putArray(SHIELD_AUTHC_REALMS_EXTERNAL + ".user_dn_templates",
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".type", LdapRealm.TYPE)
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".url", "ldaps://ad.test.elasticsearch.com:636")
+                        .putArray(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".user_dn_templates",
                                 "cn={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
                         .build()),
 
         OLDAP(false, OLDAP_ROLE_MAPPING,
                 Settings.builder()
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".type", LdapRealm.TYPE)
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".url", "ldaps://54.200.235.244:636")
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".group_search.base_dn",
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".type", LdapRealm.TYPE)
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".url", "ldaps://54.200.235.244:636")
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".group_search.base_dn",
                                 "ou=people, dc=oldap, dc=test, dc=elasticsearch, dc=com")
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".group_search.scope", randomBoolean() ? SUB_TREE : ONE_LEVEL)
-                        .putArray(SHIELD_AUTHC_REALMS_EXTERNAL + ".user_dn_templates",
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".group_search.scope", randomBoolean() ? SUB_TREE : ONE_LEVEL)
+                        .putArray(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".user_dn_templates",
                                 "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com")
                         .build());
 
@@ -235,13 +239,13 @@ abstract public class AbstractAdLdapRealmTestCase extends ShieldIntegTestCase {
 
         public Settings buildSettings(Path store, String password) {
             Settings.Builder builder = Settings.builder()
-                    .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".order", 1)
-                    .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".hostname_verification", false)
-                    .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".unmapped_groups_as_roles", mapGroupsAsRoles)
+                    .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".order", 1)
+                    .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".hostname_verification", false)
+                    .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".unmapped_groups_as_roles", mapGroupsAsRoles)
                     .put(this.settings);
             if (useGlobalSSL == false) {
-                builder.put(SHIELD_AUTHC_REALMS_EXTERNAL + ".ssl.truststore.path", store)
-                        .put(SHIELD_AUTHC_REALMS_EXTERNAL + ".ssl.truststore.password", password);
+                builder.put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".ssl.truststore.path", store)
+                        .put(XPACK_SECURITY_AUTHC_REALMS_EXTERNAL + ".ssl.truststore.password", password);
             }
 
             return builder.build();
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java
similarity index 55%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java
index fc879b46db8..9badf115f64 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java
@@ -22,27 +22,27 @@ public class GroupMappingTests extends AbstractAdLdapRealmTestCase {
 
     public void testGroupMapping() throws IOException {
         String asgardian = "odin";
-        String shieldPhilanthropist = realmConfig.loginWithCommonName ? "Bruce Banner" : "hulk";
-        String shield = realmConfig.loginWithCommonName ? "Phil Coulson" : "phil";
-        String shieldAsgardianPhilanthropist = "thor";
+        String securityPhilanthropist = realmConfig.loginWithCommonName ? "Bruce Banner" : "hulk";
+        String securityMappedUser = realmConfig.loginWithCommonName ? "Phil Coulson" : "phil";
+        String securityAsgardianPhilanthropist = "thor";
         String noGroupUser = "jarvis";
 
         assertAccessAllowed(asgardian, ASGARDIAN_INDEX);
-        assertAccessAllowed(shieldAsgardianPhilanthropist, ASGARDIAN_INDEX);
-        assertAccessDenied(shieldPhilanthropist, ASGARDIAN_INDEX);
-        assertAccessDenied(shield, ASGARDIAN_INDEX);
+        assertAccessAllowed(securityAsgardianPhilanthropist, ASGARDIAN_INDEX);
+        assertAccessDenied(securityPhilanthropist, ASGARDIAN_INDEX);
+        assertAccessDenied(securityMappedUser, ASGARDIAN_INDEX);
         assertAccessDenied(noGroupUser, ASGARDIAN_INDEX);
 
-        assertAccessAllowed(shieldPhilanthropist, PHILANTHROPISTS_INDEX);
-        assertAccessAllowed(shieldAsgardianPhilanthropist, PHILANTHROPISTS_INDEX);
+        assertAccessAllowed(securityPhilanthropist, PHILANTHROPISTS_INDEX);
+        assertAccessAllowed(securityAsgardianPhilanthropist, PHILANTHROPISTS_INDEX);
         assertAccessDenied(asgardian, PHILANTHROPISTS_INDEX);
-        assertAccessDenied(shield, PHILANTHROPISTS_INDEX);
+        assertAccessDenied(securityMappedUser, PHILANTHROPISTS_INDEX);
         assertAccessDenied(noGroupUser, PHILANTHROPISTS_INDEX);
 
-        assertAccessAllowed(shield, SHIELD_INDEX);
-        assertAccessAllowed(shieldPhilanthropist, SHIELD_INDEX);
-        assertAccessAllowed(shieldAsgardianPhilanthropist, SHIELD_INDEX);
-        assertAccessDenied(asgardian, SHIELD_INDEX);
-        assertAccessDenied(noGroupUser, SHIELD_INDEX);
+        assertAccessAllowed(securityMappedUser, SECURITY_INDEX);
+        assertAccessAllowed(securityPhilanthropist, SECURITY_INDEX);
+        assertAccessAllowed(securityAsgardianPhilanthropist, SECURITY_INDEX);
+        assertAccessDenied(asgardian, SECURITY_INDEX);
+        assertAccessDenied(noGroupUser, SECURITY_INDEX);
     }
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java
similarity index 81%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java
index 772d965e566..77d03f1a91e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java
@@ -40,15 +40,15 @@ public class MultiGroupMappingTests extends AbstractAdLdapRealmTestCase {
 
     public void testGroupMapping() throws IOException {
         String asgardian = "odin";
-        String shieldPhilanthropist = realmConfig.loginWithCommonName ? "Bruce Banner" : "hulk";
-        String shield = realmConfig.loginWithCommonName ? "Phil Coulson" : "phil";
-        String shieldAsgardianPhilanthropist = "thor";
+        String securityPhilanthropist = realmConfig.loginWithCommonName ? "Bruce Banner" : "hulk";
+        String security = realmConfig.loginWithCommonName ? "Phil Coulson" : "phil";
+        String securityAsgardianPhilanthropist = "thor";
         String noGroupUser = "jarvis";
 
         assertAccessAllowed(asgardian, "marvel_comics");
-        assertAccessAllowed(shieldAsgardianPhilanthropist, "marvel_comics");
-        assertAccessAllowed(shieldPhilanthropist, "marvel_comics");
-        assertAccessAllowed(shield, "marvel_comics");
+        assertAccessAllowed(securityAsgardianPhilanthropist, "marvel_comics");
+        assertAccessAllowed(securityPhilanthropist, "marvel_comics");
+        assertAccessAllowed(security, "marvel_comics");
         assertAccessDenied(noGroupUser, "marvel_comics");
     }
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java
index be83d942c6d..e4dc31a765e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java
@@ -6,10 +6,10 @@
 package org.elasticsearch.test;
 
 import org.elasticsearch.index.IndexNotFoundException;
-import org.elasticsearch.shield.ShieldTemplateService;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 import org.junit.After;
 import org.junit.Before;
 
@@ -19,7 +19,7 @@ import static org.hamcrest.Matchers.isOneOf;
 /**
  * Test case with method to handle the starting and stopping the stores for native users and roles
  */
-public abstract class NativeRealmIntegTestCase extends ShieldIntegTestCase {
+public abstract class NativeRealmIntegTestCase extends SecurityIntegTestCase {
 
     @Before
     public void ensureNativeStoresStarted() throws Exception {
@@ -70,7 +70,7 @@ public abstract class NativeRealmIntegTestCase extends ShieldIntegTestCase {
 
         try {
             // this is a hack to clean up the .security index since only the XPack user can delete it
-            internalClient().admin().indices().prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME).get();
+            internalClient().admin().indices().prepareDelete(SecurityTemplateService.SECURITY_INDEX_NAME).get();
         } catch (IndexNotFoundException e) {
             // ignore it since not all tests create this index...
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldIntegTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityIntegTestCase.java
similarity index 78%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldIntegTestCase.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityIntegTestCase.java
index 97dac80defc..b7f0583bc06 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldIntegTestCase.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityIntegTestCase.java
@@ -13,10 +13,10 @@ import org.elasticsearch.client.node.NodeClient;
 import org.elasticsearch.cluster.health.ClusterHealthStatus;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.InternalClient;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.InternalClient;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 import org.elasticsearch.test.ESIntegTestCase.SuppressLocalMode;
 import org.elasticsearch.test.transport.AssertingLocalTransport;
 import org.elasticsearch.test.transport.MockTransportService;
@@ -37,27 +37,27 @@ import java.util.Set;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoTimeout;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.core.IsCollectionContaining.hasItem;
 
 /**
- * Base class to run tests against a cluster with shield installed.
- * The default {@link org.elasticsearch.test.ESIntegTestCase.Scope} is {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE},
- * meaning that all subclasses that don't specify a different scope will share the same cluster with shield installed.
- * @see org.elasticsearch.test.ShieldSettingsSource
+ * Base class to run tests against a cluster with X-Pack installed and security enabled.
+ * The default {@link org.elasticsearch.test.ESIntegTestCase.Scope} is {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE}
+ *
+ * @see SecuritySettingsSource
  */
 @SuppressLocalMode
-public abstract class ShieldIntegTestCase extends ESIntegTestCase {
+public abstract class SecurityIntegTestCase extends ESIntegTestCase {
 
-    private static ShieldSettingsSource SHIELD_DEFAULT_SETTINGS;
+    private static SecuritySettingsSource SECURITY_DEFAULT_SETTINGS;
 
     //UnicastZen requires the number of nodes in a cluster to generate the unicast configuration.
     //The number of nodes is randomized though, but we can predict what the maximum number of nodes will be
     //and configure them all in unicast.hosts
     private static int maxNumberOfNodes() {
-        ClusterScope clusterScope = ShieldIntegTestCase.class.getAnnotation(ClusterScope.class);
+        ClusterScope clusterScope = SecurityIntegTestCase.class.getAnnotation(ClusterScope.class);
         if (clusterScope == null) {
             return InternalTestCluster.DEFAULT_HIGH_NUM_MASTER_NODES +
                     InternalTestCluster.DEFAULT_MAX_NUM_DATA_NODES +
@@ -77,7 +77,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
     }
 
     private static ClusterScope getAnnotation(Class<?> clazz) {
-        if (clazz == Object.class || clazz == ShieldIntegTestCase.class) {
+        if (clazz == Object.class || clazz == SecurityIntegTestCase.class) {
             return null;
         }
         ClusterScope annotation = clazz.getAnnotation(ClusterScope.class);
@@ -102,12 +102,12 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * so that some of the configuration parameters can be overridden through test instance methods, similarly
      * to how {@link #nodeSettings(int)} and {@link #transportClientSettings()} work.
      */
-    private CustomShieldSettingsSource customShieldSettingsSource = null;
+    private CustomSecuritySettingsSource customSecuritySettingsSource = null;
 
     @BeforeClass
     public static void initDefaultSettings() {
-        if (SHIELD_DEFAULT_SETTINGS == null) {
-            SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), createTempDir(), Scope.SUITE);
+        if (SECURITY_DEFAULT_SETTINGS == null) {
+            SECURITY_DEFAULT_SETTINGS = new SecuritySettingsSource(maxNumberOfNodes(), randomBoolean(), createTempDir(), Scope.SUITE);
         }
     }
 
@@ -118,7 +118,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      */
     @AfterClass
     public static void destroyDefaultSettings() {
-        SHIELD_DEFAULT_SETTINGS = null;
+        SECURITY_DEFAULT_SETTINGS = null;
     }
 
     @Rule
@@ -129,14 +129,14 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
             Scope currentClusterScope = getCurrentClusterScope();
             switch (currentClusterScope) {
                 case SUITE:
-                    if (customShieldSettingsSource == null) {
-                        customShieldSettingsSource =
-                                new CustomShieldSettingsSource(sslTransportEnabled(), createTempDir(), currentClusterScope);
+                    if (customSecuritySettingsSource == null) {
+                        customSecuritySettingsSource =
+                                new CustomSecuritySettingsSource(sslTransportEnabled(), createTempDir(), currentClusterScope);
                     }
                     break;
                 case TEST:
-                    customShieldSettingsSource =
-                            new CustomShieldSettingsSource(sslTransportEnabled(), createTempDir(), currentClusterScope);
+                    customSecuritySettingsSource =
+                            new CustomSecuritySettingsSource(sslTransportEnabled(), createTempDir(), currentClusterScope);
                     break;
             }
         }
@@ -144,7 +144,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
 
     @Before
     //before methods from the superclass are run before this, which means that the current cluster is ready to go
-    public void assertShieldIsInstalled() {
+    public void assertXPackIsInstalled() {
         NodesInfoResponse nodeInfos = client().admin().cluster().prepareNodesInfo().clear().setPlugins(true).get();
         for (NodeInfo nodeInfo : nodeInfos.getNodes()) {
             // TODO: disable this assertion for now, due to random runs with mock plugins. perhaps run without mock plugins?
@@ -159,39 +159,40 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
         return Settings.builder().put(super.nodeSettings(nodeOrdinal))
-                .put(customShieldSettingsSource.nodeSettings(nodeOrdinal))
+                .put(customSecuritySettingsSource.nodeSettings(nodeOrdinal))
                 .build();
     }
 
     @Override
     protected Settings transportClientSettings() {
         return Settings.builder().put(super.transportClientSettings())
-                .put(customShieldSettingsSource.transportClientSettings())
+                .put(customSecuritySettingsSource.transportClientSettings())
                 .build();
     }
 
     @Override
     protected Collection<Class<? extends Plugin>> getMockPlugins() {
         Set<Class<? extends Plugin>> plugins = new HashSet<>(super.getMockPlugins());
-        plugins.remove(MockTransportService.TestPlugin.class); // shield has its own transport service
-        plugins.remove(AssertingLocalTransport.TestPlugin.class); // shield has its own transport
+        plugins.remove(MockTransportService.TestPlugin.class); // security has its own transport service
+        plugins.remove(AssertingLocalTransport.TestPlugin.class); // security has its own transport
         return plugins;
     }
 
     @Override
     protected Collection<Class<? extends Plugin>> nodePlugins() {
-        return customShieldSettingsSource.nodePlugins();
+        return customSecuritySettingsSource.nodePlugins();
     }
 
     @Override
     protected Collection<Class<? extends Plugin>> transportClientPlugins() {
-        return customShieldSettingsSource.transportClientPlugins();
+        return customSecuritySettingsSource.transportClientPlugins();
     }
 
     @Override
     protected Settings externalClusterClientSettings() {
         return Settings.builder()
-                .put(Security.USER_SETTING.getKey(), ShieldSettingsSource.DEFAULT_USER_NAME + ":" + ShieldSettingsSource.DEFAULT_PASSWORD)
+                .put(Security.USER_SETTING.getKey(), SecuritySettingsSource.DEFAULT_USER_NAME + ":"
+                        + SecuritySettingsSource.DEFAULT_PASSWORD)
                 .build();
     }
 
@@ -201,7 +202,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * @return the system key bytes
      */
     protected byte[] systemKey() {
-        return customShieldSettingsSource.systemKey();
+        return customSecuritySettingsSource.systemKey();
     }
 
     /**
@@ -209,7 +210,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE} or {@link org.elasticsearch.test.ESIntegTestCase.Scope#TEST}
      */
     protected String configUsers() {
-        return SHIELD_DEFAULT_SETTINGS.configUsers();
+        return SECURITY_DEFAULT_SETTINGS.configUsers();
     }
 
     /**
@@ -217,7 +218,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE} or {@link org.elasticsearch.test.ESIntegTestCase.Scope#TEST}
      */
     protected String configUsersRoles() {
-        return SHIELD_DEFAULT_SETTINGS.configUsersRoles();
+        return SECURITY_DEFAULT_SETTINGS.configUsersRoles();
     }
 
     /**
@@ -225,7 +226,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE} or {@link org.elasticsearch.test.ESIntegTestCase.Scope#TEST}
      */
     protected String configRoles() {
-        return SHIELD_DEFAULT_SETTINGS.configRoles();
+        return SECURITY_DEFAULT_SETTINGS.configRoles();
     }
 
     /**
@@ -234,7 +235,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE} or {@link org.elasticsearch.test.ESIntegTestCase.Scope#TEST}
      */
     protected String nodeClientUsername() {
-        return SHIELD_DEFAULT_SETTINGS.nodeClientUsername();
+        return SECURITY_DEFAULT_SETTINGS.nodeClientUsername();
     }
 
     /**
@@ -243,7 +244,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE} or {@link org.elasticsearch.test.ESIntegTestCase.Scope#TEST}
      */
     protected SecuredString nodeClientPassword() {
-        return SHIELD_DEFAULT_SETTINGS.nodeClientPassword();
+        return SECURITY_DEFAULT_SETTINGS.nodeClientPassword();
     }
 
     /**
@@ -252,7 +253,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE} or {@link org.elasticsearch.test.ESIntegTestCase.Scope#TEST}
      */
     protected String transportClientUsername() {
-        return SHIELD_DEFAULT_SETTINGS.transportClientUsername();
+        return SECURITY_DEFAULT_SETTINGS.transportClientUsername();
     }
 
     /**
@@ -261,7 +262,7 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
      * {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE} or {@link org.elasticsearch.test.ESIntegTestCase.Scope#TEST}
      */
     protected SecuredString transportClientPassword() {
-        return SHIELD_DEFAULT_SETTINGS.transportClientPassword();
+        return SECURITY_DEFAULT_SETTINGS.transportClientPassword();
     }
 
     /**
@@ -274,53 +275,53 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
     }
 
     protected Class<? extends XPackPlugin> xpackPluginClass() {
-        return SHIELD_DEFAULT_SETTINGS.xpackPluginClass();
+        return SECURITY_DEFAULT_SETTINGS.xpackPluginClass();
     }
 
-    private class CustomShieldSettingsSource extends ShieldSettingsSource {
+    private class CustomSecuritySettingsSource extends SecuritySettingsSource {
 
-        private CustomShieldSettingsSource(boolean sslTransportEnabled, Path configDir, Scope scope) {
+        private CustomSecuritySettingsSource(boolean sslTransportEnabled, Path configDir, Scope scope) {
             super(maxNumberOfNodes(), sslTransportEnabled, configDir, scope);
         }
 
         @Override
         protected String configUsers() {
-            return ShieldIntegTestCase.this.configUsers();
+            return SecurityIntegTestCase.this.configUsers();
         }
 
         @Override
         protected String configUsersRoles() {
-            return ShieldIntegTestCase.this.configUsersRoles();
+            return SecurityIntegTestCase.this.configUsersRoles();
         }
 
         @Override
         protected String configRoles() {
-            return ShieldIntegTestCase.this.configRoles();
+            return SecurityIntegTestCase.this.configRoles();
         }
 
         @Override
         protected String nodeClientUsername() {
-            return ShieldIntegTestCase.this.nodeClientUsername();
+            return SecurityIntegTestCase.this.nodeClientUsername();
         }
 
         @Override
         protected SecuredString nodeClientPassword() {
-            return ShieldIntegTestCase.this.nodeClientPassword();
+            return SecurityIntegTestCase.this.nodeClientPassword();
         }
 
         @Override
         protected String transportClientUsername() {
-            return ShieldIntegTestCase.this.transportClientUsername();
+            return SecurityIntegTestCase.this.transportClientUsername();
         }
 
         @Override
         protected SecuredString transportClientPassword() {
-            return ShieldIntegTestCase.this.transportClientPassword();
+            return SecurityIntegTestCase.this.transportClientPassword();
         }
 
         @Override
         protected Class<? extends XPackPlugin> xpackPluginClass() {
-            return ShieldIntegTestCase.this.xpackPluginClass();
+            return SecurityIntegTestCase.this.xpackPluginClass();
         }
     }
 
@@ -334,11 +335,11 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
     protected Function<Client,Client> getClientWrapper() {
         Map<String, String> headers = Collections.singletonMap("Authorization",
                 basicAuthHeaderValue(nodeClientUsername(), nodeClientPassword()));
-        // we need to wrap node clients because we do not specify a shield user for nodes and all requests will use the system
+        // we need to wrap node clients because we do not specify a user for nodes and all requests will use the system
         // user. This is ok for internal n2n stuff but the test framework does other things like wiping indices, repositories, etc
         // that the system user cannot do. so we wrap the node client with a user that can do these things since the client() calls
         // are randomized to return both node clients and transport clients
-        // transport clients do not need to be wrapped since we specify the shield.user setting that sets the default user to be
+        // transport clients do not need to be wrapped since we specify the xpack.security.user setting that sets the default user to be
         // used for the transport client. If we did not set a default user then the transport client would not even be allowed
         // to connect
         return client -> (client instanceof NodeClient) ? client.filterWithHeader(headers) : client;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecuritySettingsSource.java
similarity index 74%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecuritySettingsSource.java
index f438116cd7c..ab581e8af55 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecuritySettingsSource.java
@@ -13,18 +13,18 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.marvel.Monitoring;
 import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.test.ESIntegTestCase.Scope;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.authc.esnative.NativeRealm;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.audit.AuditTrailModule;
-import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
-import org.elasticsearch.shield.test.ShieldTestUtils;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.audit.AuditTrailModule;
+import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.test.SecurityTestUtils;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 import org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration;
 import org.elasticsearch.xpack.watcher.Watcher;
 import org.elasticsearch.xpack.XPackPlugin;
@@ -40,16 +40,16 @@ import java.util.List;
 
 import static com.carrotsearch.randomizedtesting.RandomizedTest.randomBoolean;
 import static org.elasticsearch.test.ESTestCase.randomFrom;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.test.SecurityTestUtils.writeFile;
 
 /**
- * {@link org.elasticsearch.test.NodeConfigurationSource} subclass that allows to set all needed settings for shield.
+ * {@link org.elasticsearch.test.NodeConfigurationSource} subclass that allows to set all needed settings for x-pack security.
  * Unicast discovery is configured through {@link org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration.UnicastZen},
- * also shield is installed with all the needed configuration and files.
+ * also x-pack is installed with all the needed configuration and files.
  * To avoid conflicts, every cluster should have its own instance of this class as some configuration files need to be created.
  */
-public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZen {
+public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.UnicastZen {
 
     public static final Settings DEFAULT_SETTINGS = Settings.builder()
             .put("node.mode", "network")
@@ -89,27 +89,27 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
     private final boolean hostnameVerificationResolveNameEnabled;
 
     /**
-     * Creates a new {@link org.elasticsearch.test.NodeConfigurationSource} for the shield configuration.
+     * Creates a new {@link org.elasticsearch.test.NodeConfigurationSource} for the security configuration.
      *
      * @param numOfNodes the number of nodes for proper unicast configuration (can be more than actually available)
      * @param sslTransportEnabled whether ssl should be enabled on the transport layer or not
      * @param parentFolder the parent folder that will contain all of the configuration files that need to be created
-     * @param scope the scope of the test that is requiring an instance of ShieldSettingsSource
+     * @param scope the scope of the test that is requiring an instance of SecuritySettingsSource
      */
-    public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, Path parentFolder, Scope scope) {
+    public SecuritySettingsSource(int numOfNodes, boolean sslTransportEnabled, Path parentFolder, Scope scope) {
         this(numOfNodes, sslTransportEnabled, generateKey(), parentFolder, scope);
     }
 
     /**
-     * Creates a new {@link org.elasticsearch.test.NodeConfigurationSource} for the shield configuration.
+     * Creates a new {@link org.elasticsearch.test.NodeConfigurationSource} for the security configuration.
      *
      * @param numOfNodes the number of nodes for proper unicast configuration (can be more than actually available)
      * @param sslTransportEnabled whether ssl should be enabled on the transport layer or not
      * @param systemKey the system key that all of the nodes will use to sign messages
      * @param parentFolder the parent folder that will contain all of the configuration files that need to be created
-     * @param scope the scope of the test that is requiring an instance of ShieldSettingsSource
+     * @param scope the scope of the test that is requiring an instance of SecuritySettingsSource
      */
-    public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, byte[] systemKey, Path parentFolder, Scope scope) {
+    public SecuritySettingsSource(int numOfNodes, boolean sslTransportEnabled, byte[] systemKey, Path parentFolder, Scope scope) {
         super(numOfNodes, DEFAULT_SETTINGS);
         this.systemKey = systemKey;
         this.parentFolder = parentFolder;
@@ -121,10 +121,10 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
 
     @Override
     public Settings nodeSettings(int nodeOrdinal) {
-        Path folder = ShieldTestUtils.createFolder(parentFolder, subfolderPrefix + "-" + nodeOrdinal);
+        Path folder = SecurityTestUtils.createFolder(parentFolder, subfolderPrefix + "-" + nodeOrdinal);
         Settings.Builder builder = Settings.builder().put(super.nodeSettings(nodeOrdinal))
 
-                //TODO: for now isolate shield tests from watcher & monitoring (randomize this later)
+                //TODO: for now isolate security tests from watcher & monitoring (randomize this later)
                 .put(XPackPlugin.featureEnabledSetting(Watcher.NAME), false)
                 .put(XPackPlugin.featureEnabledSetting(Monitoring.NAME), false)
                 .put(AuditTrailModule.ENABLED_SETTING.getKey(), randomBoolean())
@@ -214,29 +214,29 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
 
     public Settings getNodeSSLSettings() {
         if (randomBoolean()) {
-            return getSSLSettingsForPEMFiles("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem", "testnode",
-                    Collections.singletonList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"),
-                    Arrays.asList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.crt",
-                            "/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt",
-                            "/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt",
-                            "/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.crt",
-                            "/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"),
+            return getSSLSettingsForPEMFiles("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem", "testnode",
+                    Collections.singletonList("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"),
+                    Arrays.asList("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.crt",
+                            "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/active-directory-ca.crt",
+                            "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt",
+                            "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/openldap.crt",
+                            "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"),
                     sslTransportEnabled, hostnameVerificationEnabled, hostnameVerificationResolveNameEnabled, false);
         }
-        return getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode",
+        return getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode",
                 sslTransportEnabled, hostnameVerificationEnabled, hostnameVerificationResolveNameEnabled, false);
     }
 
     public Settings getClientSSLSettings() {
         if (randomBoolean()) {
-            return getSSLSettingsForPEMFiles("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.pem", "testclient",
-                    Collections.singletonList("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt"),
-                    Arrays.asList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt",
-                            "/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt"),
+            return getSSLSettingsForPEMFiles("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.pem", "testclient",
+                    Collections.singletonList("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"),
+                    Arrays.asList("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt",
+                            "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"),
                     sslTransportEnabled, hostnameVerificationEnabled, hostnameVerificationResolveNameEnabled, true);
         }
 
-        return getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks", "testclient",
+        return getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient",
                 sslTransportEnabled, hostnameVerificationEnabled, hostnameVerificationResolveNameEnabled, true);
     }
 
@@ -257,18 +257,19 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
         Path store = resolveResourcePath(resourcePathToStore);
 
         final String sslEnabledSetting =
-                randomFrom(ShieldNettyTransport.SSL_SETTING.getKey(), ShieldNettyTransport.DEPRECATED_SSL_SETTING.getKey());
+                randomFrom(SecurityNettyTransport.SSL_SETTING.getKey(), SecurityNettyTransport.DEPRECATED_SSL_SETTING.getKey());
         Settings.Builder builder = Settings.builder().put(sslEnabledSetting, sslTransportEnabled);
 
         if (transportClient == false) {
-            builder.put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), false);
+            builder.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), false);
         }
 
         if (sslTransportEnabled) {
             builder.put("xpack.security.ssl.keystore.path", store)
                     .put("xpack.security.ssl.keystore.password", password)
-                    .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), hostnameVerificationEnabled)
-                    .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), hostnameVerificationResolveNameEnabled);
+                    .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), hostnameVerificationEnabled)
+                    .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(),
+                            hostnameVerificationResolveNameEnabled);
         }
 
         if (sslTransportEnabled && randomBoolean()) {
@@ -284,20 +285,21 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
                                             boolean transportClient) {
         Settings.Builder builder = Settings.builder();
         final String sslEnabledSetting =
-                randomFrom(ShieldNettyTransport.SSL_SETTING.getKey(), ShieldNettyTransport.DEPRECATED_SSL_SETTING.getKey());
+                randomFrom(SecurityNettyTransport.SSL_SETTING.getKey(), SecurityNettyTransport.DEPRECATED_SSL_SETTING.getKey());
         builder.put(sslEnabledSetting, sslTransportEnabled);
 
         if (transportClient == false) {
-            builder.put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), false);
+            builder.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), false);
         }
 
         if (sslTransportEnabled) {
             builder.put("xpack.security.ssl.key.path", resolveResourcePath(keyPath))
                     .put("xpack.security.ssl.key.password", password)
                     .put("xpack.security.ssl.cert", Strings.arrayToCommaDelimitedString(resolvePathsToString(certificateFiles)))
-                    .put(randomFrom(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(),
-                            ShieldNettyTransport.DEPRECATED_HOSTNAME_VERIFICATION_SETTING.getKey()), hostnameVerificationEnabled)
-                    .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), hostnameVerificationResolveNameEnabled);
+                    .put(randomFrom(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(),
+                            SecurityNettyTransport.DEPRECATED_HOSTNAME_VERIFICATION_SETTING.getKey()), hostnameVerificationEnabled)
+                    .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(),
+                            hostnameVerificationResolveNameEnabled);
 
             if (trustedCertificates.isEmpty() == false) {
                 builder.put("xpack.security.ssl.ca", Strings.arrayToCommaDelimitedString(resolvePathsToString(trustedCertificates)));
@@ -316,7 +318,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
 
     static Path resolveResourcePath(String resourcePathToStore) {
         try {
-            Path path = PathUtils.get(ShieldSettingsSource.class.getResource(resourcePathToStore).toURI());
+            Path path = PathUtils.get(SecuritySettingsSource.class.getResource(resourcePathToStore).toURI());
             if (Files.notExists(path)) {
                 throw new ElasticsearchException("path does not exist: " + path);
             }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldTestsUtils.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityTestsUtils.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldTestsUtils.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityTestsUtils.java
index 685f322380a..d8e85ba8d33 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldTestsUtils.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityTestsUtils.java
@@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.rest.RestStatus;
 import org.hamcrest.Matcher;
 
-import static org.elasticsearch.shield.test.ShieldAssertions.assertContainsWWWAuthenticateHeader;
+import static org.elasticsearch.xpack.security.test.SecurityAssertions.assertContainsWWWAuthenticateHeader;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.Matchers.is;
 import static org.junit.Assert.assertThat;
@@ -17,9 +17,9 @@ import static org.junit.Assert.assertThat;
 /**
  *
  */
-public class ShieldTestsUtils {
+public class SecurityTestsUtils {
 
-    private ShieldTestsUtils() {
+    private SecurityTestsUtils() {
     }
 
     public static void assertAuthenticationException(ElasticsearchSecurityException e) {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/SettingsFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SettingsFilterTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/SettingsFilterTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SettingsFilterTests.java
index 767b656b666..9a1b790556e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/SettingsFilterTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SettingsFilterTests.java
@@ -11,7 +11,7 @@ import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsFilter;
 import org.elasticsearch.common.settings.SettingsModule;
-import org.elasticsearch.shield.ssl.SSLConfiguration;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.hamcrest.Matcher;
 
@@ -49,7 +49,7 @@ public class SettingsFilterTests extends ESTestCase {
         configureUnfilteredSetting("xpack.security.authc.realms.pki1.type", "pki");
         configureUnfilteredSetting("xpack.security.authc.realms.pki1.order", "0");
         configureFilteredSetting("xpack.security.authc.realms.pki1.truststore.path",
-                getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks").toString());
+                getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks").toString());
         configureFilteredSetting("xpack.security.authc.realms.pki1.truststore.password", "truststore-testnode-only");
         configureFilteredSetting("xpack.security.authc.realms.pki1.truststore.algorithm", "SunX509");
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/KnownActionsTests.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/KnownActionsTests.java
index 5153754b62b..583cbe9edcb 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/KnownActionsTests.java
@@ -10,9 +10,9 @@ import org.elasticsearch.action.Action;
 import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.io.Streams;
 import org.elasticsearch.license.plugin.Licensing;
-import org.elasticsearch.shield.action.ShieldActionModule;
+import org.elasticsearch.xpack.security.action.SecurityActionModule;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.xpack.graph.Graph;
 import org.junit.BeforeClass;
@@ -43,7 +43,7 @@ import static org.hamcrest.Matchers.hasItem;
 import static org.hamcrest.Matchers.is;
 
 @ClusterScope(numClientNodes = 0, supportsDedicatedMasters = false, numDataNodes = 1)
-public class KnownActionsTests extends ShieldIntegTestCase {
+public class KnownActionsTests extends SecurityIntegTestCase {
     private static Set<String> knownActions;
     private static Set<String> knownHandlers;
     private static Set<String> codeActions;
@@ -59,27 +59,29 @@ public class KnownActionsTests extends ShieldIntegTestCase {
         TransportService transportService = internalCluster().getDataNodeInstance(TransportService.class);
         for (String handler : transportService.requestHandlers.keySet()) {
             if (!knownActions.contains(handler)) {
-                assertThat("elasticsearch core transport handler [" + handler + "] is unknown to shield", knownHandlers, hasItem(handler));
+                assertThat("elasticsearch core transport handler [" + handler + "] is unknown to security", knownHandlers,
+                        hasItem(handler));
             }
         }
     }
 
     public void testAllCodeActionsAreKnown() throws Exception {
         for (String action : codeActions) {
-            assertThat("classpath action [" + action + "] is unknown to shield", knownActions, hasItem(action));
+            assertThat("classpath action [" + action + "] is unknown to security", knownActions, hasItem(action));
         }
     }
 
     public void testAllKnownActionsAreValid() {
         for (String knownAction : knownActions) {
-            assertThat("shield known action [" + knownAction + "] is not among the classpath actions", codeActions, hasItems(knownAction));
+            assertThat("security known action [" + knownAction + "] is not among the classpath actions", codeActions,
+                    hasItems(knownAction));
         }
     }
 
     public void testAllKnownTransportHandlersAreValid() {
         TransportService transportService = internalCluster().getDataNodeInstance(TransportService.class);
         for (String knownHandler : knownHandlers) {
-            assertThat("shield known handler [" + knownHandler + "] is unknown to core", transportService.requestHandlers.keySet(),
+            assertThat("security known handler [" + knownHandler + "] is unknown to core", transportService.requestHandlers.keySet(),
                     hasItems(knownHandler));
         }
     }
@@ -111,8 +113,8 @@ public class KnownActionsTests extends ShieldIntegTestCase {
         // loading all xpack top level actions
         loadActions(collectSubClasses(Action.class, XPackPlugin.class), actions);
 
-        // loading shield actions
-        loadActions(collectSubClasses(Action.class, ShieldActionModule.class), actions);
+        // loading security actions
+        loadActions(collectSubClasses(Action.class, SecurityActionModule.class), actions);
 
         // also loading all actions from the licensing plugin
         loadActions(collectSubClasses(Action.class, Licensing.class), actions);
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/ShieldServerTransportServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/SecurityServerTransportServiceTests.java
similarity index 65%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/ShieldServerTransportServiceTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/SecurityServerTransportServiceTests.java
index 3936ac16b6b..60366988de0 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/ShieldServerTransportServiceTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/SecurityServerTransportServiceTests.java
@@ -6,9 +6,9 @@
 package org.elasticsearch.transport;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.transport.ShieldServerTransportService;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
+import org.elasticsearch.test.SecurityIntegTestCase;
 
 import java.util.Map;
 
@@ -16,7 +16,7 @@ import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.startsWith;
 
 // this class sits in org.elasticsearch.transport so that TransportService.requestHandlers is visible
-public class ShieldServerTransportServiceTests extends ShieldIntegTestCase {
+public class SecurityServerTransportServiceTests extends SecurityIntegTestCase {
     @Override
     protected Settings transportClientSettings() {
         return Settings.builder()
@@ -25,15 +25,15 @@ public class ShieldServerTransportServiceTests extends ShieldIntegTestCase {
                 .build();
     }
 
-    public void testShieldServerTransportServiceWrapsAllHandlers() {
+    public void testSecurityServerTransportServiceWrapsAllHandlers() {
         for (TransportService transportService : internalCluster().getInstances(TransportService.class)) {
-            assertThat(transportService, instanceOf(ShieldServerTransportService.class));
+            assertThat(transportService, instanceOf(SecurityServerTransportService.class));
             for (Map.Entry<String, RequestHandlerRegistry> entry : transportService.requestHandlers.entrySet()) {
                 assertThat(
-                        "handler not wrapped by " + ShieldServerTransportService.ProfileSecuredRequestHandler.class +
+                        "handler not wrapped by " + SecurityServerTransportService.ProfileSecuredRequestHandler.class +
                                 "; do all the handler registration methods have overrides?",
                         entry.getValue().toString(),
-                        startsWith(ShieldServerTransportService.ProfileSecuredRequestHandler.class.getName() + "@")
+                        startsWith(SecurityServerTransportService.ProfileSecuredRequestHandler.class.getName() + "@")
                 );
             }
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/netty/NettyMockUtil.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/netty/NettyMockUtil.java
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/netty/NettyMockUtil.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/netty/NettyMockUtil.java
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldF.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityF.java
similarity index 72%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldF.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityF.java
index 7eea0b9718a..b9176179eb7 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldF.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityF.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.apache.lucene.util.IOUtils;
 import org.elasticsearch.ElasticsearchException;
@@ -11,11 +11,11 @@ import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.node.MockNode;
 import org.elasticsearch.node.Node;
-import org.elasticsearch.shield.authc.esnative.NativeRealm;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
-import org.elasticsearch.shield.test.ShieldTestUtils;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.test.SecurityTestUtils;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.xpack.XPackPlugin;
 
 import java.io.IOException;
@@ -24,42 +24,42 @@ import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.concurrent.CountDownLatch;
 
-import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile;
+import static org.elasticsearch.xpack.security.test.SecurityTestUtils.writeFile;
 
 /**
- * Main class to easily run Shield from a IDE.
+ * Main class to easily run X-Pack Security from a IDE.
  *
  * During startup an error will be printed that the config directory can't be found, to fix this:
  * set `-Des.path.home=` to a location where there is a config directory on your machine.
  */
-public class ShieldF {
+public class SecurityF {
 
     public static void main(String[] args) throws Throwable {
         Settings.Builder settings = Settings.builder();
         settings.put("http.cors.enabled", "true");
         settings.put("http.cors.allow-origin", "*");
         settings.put("script.inline", "true");
-        settings.put("xpack.shield.enabled", "true");
+        settings.put("xpack.security.enabled", "true");
         // Disable Monitoring to prevent cluster activity
         settings.put("xpack.monitoring.enabled", "false");
-        settings.put("cluster.name", ShieldF.class.getSimpleName());
+        settings.put("cluster.name", SecurityF.class.getSimpleName());
 
         String homeDir = System.getProperty("es.path.home");
         if (homeDir == null || Files.exists(PathUtils.get(homeDir)) == false) {
             throw new IllegalStateException("es.path.home must be set and exist");
         }
-        Path folder = ShieldTestUtils.createFolder(ShieldTestUtils.createFolder(PathUtils.get(homeDir), "config"), "shield");
+        Path folder = SecurityTestUtils.createFolder(SecurityTestUtils.createFolder(PathUtils.get(homeDir), "config"), "x-pack");
 
         settings.put("xpack.security.authc.realms.file.type", FileRealm.TYPE);
         settings.put("xpack.security.authc.realms.file.order", "0");
         settings.put("xpack.security.authc.realms.file.files.users",
-                writeFile(folder, "users", ShieldSettingsSource.CONFIG_STANDARD_USER));
+                writeFile(folder, "users", SecuritySettingsSource.CONFIG_STANDARD_USER));
         settings.put("xpack.security.authc.realms.file.files.users_roles", writeFile(folder, "users_roles",
-                ShieldSettingsSource.CONFIG_STANDARD_USER_ROLES));
+                SecuritySettingsSource.CONFIG_STANDARD_USER_ROLES));
         settings.put("xpack.security.authc.realms.esnative.type", NativeRealm.TYPE);
         settings.put("xpack.security.authc.realms.esnative.order", "1");
         settings.put(FileRolesStore.ROLES_FILE_SETTING.getKey(),
-                writeFile(folder, "roles.yml", ShieldSettingsSource.CONFIG_ROLE_ALLOW_ALL));
+                writeFile(folder, "roles.yml", SecuritySettingsSource.CONFIG_ROLE_ALLOW_ALL));
 
         final CountDownLatch latch = new CountDownLatch(1);
         final Node node = new MockNode(settings.build(), Arrays.asList(XPackPlugin.class));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecurityFeatureSetTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecurityFeatureSetTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java
index 0aaee2b15b3..faad01e0072 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecurityFeatureSetTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.Realms;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.Realms;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.XPackFeatureSet;
 import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldLicenseStateTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityLicenseStateTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldLicenseStateTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityLicenseStateTests.java
index 526f7780c35..9fd0c4f9aca 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldLicenseStateTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityLicenseStateTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.license.core.License;
 import org.elasticsearch.license.core.License.OperationMode;
 import org.elasticsearch.license.plugin.core.LicenseState;
 import org.elasticsearch.license.plugin.core.Licensee;
-import org.elasticsearch.shield.SecurityLicenseState.EnabledRealmType;
+import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType;
 import org.elasticsearch.test.ESTestCase;
 
 import static org.hamcrest.Matchers.is;
@@ -17,7 +17,7 @@ import static org.hamcrest.Matchers.is;
 /**
  * Unit tests for the {@link SecurityLicenseState}
  */
-public class ShieldLicenseStateTests extends ESTestCase {
+public class SecurityLicenseStateTests extends ESTestCase {
 
     public void testDefaults() {
         SecurityLicenseState licenseState = new SecurityLicenseState();
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldLicenseeTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityLicenseeTests.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldLicenseeTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityLicenseeTests.java
index 1f797a90bbe..c221c7be83a 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldLicenseeTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityLicenseeTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.license.core.License.OperationMode;
@@ -21,41 +21,41 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
  * <p>
  * If you change the behavior of these tests, then it means that licensing changes for Security!
  */
-public class ShieldLicenseeTests extends AbstractLicenseeTestCase {
-    private final SecurityLicenseState shieldState = mock(SecurityLicenseState.class);
+public class SecurityLicenseeTests extends AbstractLicenseeTestCase {
+    private final SecurityLicenseState securityLicenseState = mock(SecurityLicenseState.class);
     private final LicenseeRegistry registry = mock(LicenseeRegistry.class);
 
     public void testStartsWithoutTribeNode() {
-        SecurityLicensee licensee = new SecurityLicensee(Settings.EMPTY, registry, shieldState);
+        SecurityLicensee licensee = new SecurityLicensee(Settings.EMPTY, registry, securityLicenseState);
 
         // starting the Licensee start trigger it being registered
         licensee.start();
 
         verify(registry).register(licensee);
-        verifyNoMoreInteractions(registry, shieldState);
+        verifyNoMoreInteractions(registry, securityLicenseState);
     }
 
     public void testDoesNotStartWithTribeNode() {
         Settings settings = Settings.builder().put("tribe.fake.cluster.name", "notchecked").build();
-        SecurityLicensee licensee = new SecurityLicensee(settings, registry, shieldState);
+        SecurityLicensee licensee = new SecurityLicensee(settings, registry, securityLicenseState);
 
         // starting the Licensee as a tribe node should not trigger it being registered
         licensee.start();
 
-        verifyNoMoreInteractions(registry, shieldState);
+        verifyNoMoreInteractions(registry, securityLicenseState);
     }
 
-    public void testOnChangeModifiesShieldLicenseState() {
+    public void testOnChangeModifiesSecurityLicenseState() {
         Status status = mock(Status.class);
 
-        SecurityLicensee licensee = new SecurityLicensee(Settings.EMPTY, registry, shieldState);
+        SecurityLicensee licensee = new SecurityLicensee(Settings.EMPTY, registry, securityLicenseState);
 
         licensee.onChange(status);
 
         assertSame(status, licensee.getStatus());
 
-        verify(shieldState).updateStatus(status);
-        verifyNoMoreInteractions(registry, shieldState);
+        verify(securityLicenseState).updateStatus(status);
+        verifyNoMoreInteractions(registry, securityLicenseState);
     }
 
     public void testAcknowledgementMessagesFromBasicToAnyNotGoldOrStandardIsNoOp() {
@@ -97,6 +97,6 @@ public class ShieldLicenseeTests extends AbstractLicenseeTestCase {
     }
 
     private SecurityLicensee buildLicensee() {
-        return new SecurityLicensee(Settings.EMPTY, registry, shieldState);
+        return new SecurityLicensee(Settings.EMPTY, registry, securityLicenseState);
     }
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginEnabledDisabledTests.java
similarity index 65%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginEnabledDisabledTests.java
index fbb4b49145e..7d93416c63e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginEnabledDisabledTests.java
@@ -3,24 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.http.HttpServerTransport;
 import org.elasticsearch.integration.LicensingTests;
-import org.elasticsearch.license.core.License.OperationMode;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.transport.ShieldServerTransportService;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
-import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
-import org.elasticsearch.test.rest.client.http.HttpResponse;
-import org.elasticsearch.test.rest.json.JsonPath;
+import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.transport.TransportService;
 import org.elasticsearch.xpack.XPackPlugin;
@@ -28,11 +18,6 @@ import org.hamcrest.Matcher;
 import org.junit.After;
 import org.junit.BeforeClass;
 
-import java.io.IOException;
-
-import static org.elasticsearch.rest.RestStatus.OK;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.not;
@@ -40,7 +25,7 @@ import static org.hamcrest.Matchers.not;
 /**
  *
  */
-public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
+public class SecurityPluginEnabledDisabledTests extends SecurityIntegTestCase {
     private static boolean enabled;
 
     @BeforeClass
@@ -63,7 +48,7 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
 
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
-        logger.info("******* shield is {}", enabled ? "enabled" : "disabled");
+        logger.info("******* security is {}", enabled ? "enabled" : "disabled");
         return Settings.builder()
                 .put(super.nodeSettings(nodeOrdinal))
                 .put(XPackPlugin.featureEnabledSetting(Security.NAME), enabled)
@@ -81,14 +66,14 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
 
     public void testTransportEnabledDisabled() throws Exception {
         for (TransportService service : internalCluster().getInstances(TransportService.class)) {
-            Matcher<TransportService> matcher = instanceOf(ShieldServerTransportService.class);
+            Matcher<TransportService> matcher = instanceOf(SecurityServerTransportService.class);
             if (!enabled) {
                 matcher = not(matcher);
             }
             assertThat(service, matcher);
         }
         for (Transport transport : internalCluster().getInstances(Transport.class)) {
-            Matcher<Transport> matcher = instanceOf(ShieldNettyTransport.class);
+            Matcher<Transport> matcher = instanceOf(SecurityNettyTransport.class);
             if (!enabled) {
                 matcher = not(matcher);
             }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java
similarity index 76%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java
index 2f543a4b280..6778430cf8f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 
@@ -20,12 +20,11 @@ import java.io.IOException;
 
 import static org.elasticsearch.rest.RestStatus.OK;
 import static org.elasticsearch.rest.RestStatus.UNAUTHORIZED;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.allOf;
-import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
-public class ShieldPluginTests extends ShieldIntegTestCase {
+public class SecurityPluginTests extends SecurityIntegTestCase {
 
     @Override
     public Settings nodeSettings(int nodeOrdinal) {
@@ -50,8 +49,8 @@ public class ShieldPluginTests extends ShieldIntegTestCase {
                     .method("GET")
                     .path("/_xpack")
                     .addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
-                        basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME,
-                            new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())))
+                        basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
+                            new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
                     .execute();
             assertThat(response.getStatusCode(), is(OK.getStatus()));
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecuritySettingsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecuritySettingsTests.java
similarity index 79%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecuritySettingsTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecuritySettingsTests.java
index 9f04443c89b..64eda1a9f47 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecuritySettingsTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecuritySettingsTests.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.audit.AuditTrailModule;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail;
+import org.elasticsearch.xpack.security.audit.AuditTrailModule;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
@@ -22,10 +22,10 @@ import static org.hamcrest.Matchers.not;
 
 public class SecuritySettingsTests extends ESTestCase {
 
-    private static final String TRIBE_T1_SHIELD_ENABLED = "tribe.t1." + Security.enabledSetting();
-    private static final String TRIBE_T2_SHIELD_ENABLED = "tribe.t2." + Security.enabledSetting();
+    private static final String TRIBE_T1_SECURITY_ENABLED = "tribe.t1." + Security.enabledSetting();
+    private static final String TRIBE_T2_SECURITY_ENABLED = "tribe.t2." + Security.enabledSetting();
 
-    public void testShieldIsMandatoryOnTribes() {
+    public void testSecurityIsMandatoryOnTribes() {
         Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
                 .put("tribe.t2.cluster.name", "non_existing").build();
 
@@ -47,14 +47,14 @@ public class SecuritySettingsTests extends ESTestCase {
         //simulate what PluginsService#updatedSettings does to make sure we don't override existing mandatory plugins
         try {
             Settings.builder().put(settings).put(security.additionalSettings()).build();
-            fail("shield cannot change the value of a setting that is already defined, so a exception should be thrown");
+            fail("security cannot change the value of a setting that is already defined, so a exception should be thrown");
         } catch (IllegalStateException e) {
             assertThat(e.getMessage(), containsString(XPackPlugin.NAME));
             assertThat(e.getMessage(), containsString("plugin.mandatory"));
         }
     }
 
-    public void testMandatoryPluginsOnTribesShieldAlreadyMandatory() {
+    public void testMandatoryPluginsOnTribesSecurityAlreadyMandatory() {
         Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
                 .putArray("tribe.t1.plugin.mandatory", "test_plugin", XPackPlugin.NAME).build();
 
@@ -70,7 +70,7 @@ public class SecuritySettingsTests extends ESTestCase {
         assertThat(finalMandatoryPlugins[1], equalTo(XPackPlugin.NAME));
     }
 
-    public void testShieldIsEnabledByDefaultOnTribes() {
+    public void testSecurityIsEnabledByDefaultOnTribes() {
         Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
                 .put("tribe.t2.cluster.name", "non_existing").build();
 
@@ -78,28 +78,28 @@ public class SecuritySettingsTests extends ESTestCase {
 
         Settings additionalSettings = security.additionalSettings();
 
-        assertThat(additionalSettings.getAsBoolean(TRIBE_T1_SHIELD_ENABLED, null), equalTo(true));
-        assertThat(additionalSettings.getAsBoolean(TRIBE_T2_SHIELD_ENABLED, null), equalTo(true));
+        assertThat(additionalSettings.getAsBoolean(TRIBE_T1_SECURITY_ENABLED, null), equalTo(true));
+        assertThat(additionalSettings.getAsBoolean(TRIBE_T2_SECURITY_ENABLED, null), equalTo(true));
     }
 
-    public void testShieldDisabledOnATribe() {
+    public void testSecurityDisabledOnATribe() {
         Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
-                .put(TRIBE_T1_SHIELD_ENABLED, false)
+                .put(TRIBE_T1_SECURITY_ENABLED, false)
                 .put("tribe.t2.cluster.name", "non_existing").build();
 
         Security security = new Security(settings);
 
         try {
             security.additionalSettings();
-            fail("shield cannot change the value of a setting that is already defined, so a exception should be thrown");
+            fail("security cannot change the value of a setting that is already defined, so a exception should be thrown");
         } catch (IllegalStateException e) {
-            assertThat(e.getMessage(), containsString(TRIBE_T1_SHIELD_ENABLED));
+            assertThat(e.getMessage(), containsString(TRIBE_T1_SECURITY_ENABLED));
         }
     }
 
-    public void testShieldDisabledOnTribesShieldAlreadyMandatory() {
+    public void testSecurityDisabledOnTribesSecurityAlreadyMandatory() {
         Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
-                .put(TRIBE_T1_SHIELD_ENABLED, false)
+                .put(TRIBE_T1_SECURITY_ENABLED, false)
                 .put("tribe.t2.cluster.name", "non_existing")
                 .putArray("tribe.t1.plugin.mandatory", "test_plugin", XPackPlugin.NAME).build();
 
@@ -107,13 +107,13 @@ public class SecuritySettingsTests extends ESTestCase {
 
         try {
             security.additionalSettings();
-            fail("shield cannot change the value of a setting that is already defined, so a exception should be thrown");
+            fail("security cannot change the value of a setting that is already defined, so a exception should be thrown");
         } catch (IllegalStateException e) {
-            assertThat(e.getMessage(), containsString(TRIBE_T1_SHIELD_ENABLED));
+            assertThat(e.getMessage(), containsString(TRIBE_T1_SECURITY_ENABLED));
         }
     }
 
-    public void testShieldSettingsCopiedForTribeNodes() {
+    public void testSecuritySettingsCopiedForTribeNodes() {
         Settings settings = Settings.builder()
                 .put("tribe.t1.cluster.name", "non_existing")
                 .put("tribe.t2.cluster.name", "non_existing")
@@ -144,7 +144,7 @@ public class SecuritySettingsTests extends ESTestCase {
             Security.validateAutoCreateIndex(Settings.builder().put("action.auto_create_index", false).build());
             fail("IllegalArgumentException expected");
         } catch (IllegalArgumentException e) {
-            assertThat(e.getMessage(), containsString(ShieldTemplateService.SECURITY_INDEX_NAME));
+            assertThat(e.getMessage(), containsString(SecurityTemplateService.SECURITY_INDEX_NAME));
             assertThat(e.getMessage(), not(containsString(IndexAuditTrail.INDEX_NAME_PREFIX)));
         }
 
@@ -156,15 +156,15 @@ public class SecuritySettingsTests extends ESTestCase {
             Security.validateAutoCreateIndex(Settings.builder().put("action.auto_create_index", "foo").build());
             fail("IllegalArgumentException expected");
         } catch (IllegalArgumentException e) {
-            assertThat(e.getMessage(), containsString(ShieldTemplateService.SECURITY_INDEX_NAME));
+            assertThat(e.getMessage(), containsString(SecurityTemplateService.SECURITY_INDEX_NAME));
             assertThat(e.getMessage(), not(containsString(IndexAuditTrail.INDEX_NAME_PREFIX)));
         }
 
         try {
-            Security.validateAutoCreateIndex(Settings.builder().put("action.auto_create_index", ".shield_audit_log*").build());
+            Security.validateAutoCreateIndex(Settings.builder().put("action.auto_create_index", ".security_audit_log*").build());
             fail("IllegalArgumentException expected");
         } catch (IllegalArgumentException e) {
-            assertThat(e.getMessage(), containsString(ShieldTemplateService.SECURITY_INDEX_NAME));
+            assertThat(e.getMessage(), containsString(SecurityTemplateService.SECURITY_INDEX_NAME));
         }
 
         Security.validateAutoCreateIndex(Settings.builder()
@@ -180,12 +180,12 @@ public class SecuritySettingsTests extends ESTestCase {
                     .build());
             fail("IllegalArgumentException expected");
         } catch (IllegalArgumentException e) {
-            assertThat(e.getMessage(), containsString(ShieldTemplateService.SECURITY_INDEX_NAME));
+            assertThat(e.getMessage(), containsString(SecurityTemplateService.SECURITY_INDEX_NAME));
             assertThat(e.getMessage(), containsString(IndexAuditTrail.INDEX_NAME_PREFIX));
         }
 
         Security.validateAutoCreateIndex(Settings.builder()
-                .put("action.auto_create_index", ".shield_audit_log*,.security")
+                .put("action.auto_create_index", ".security_audit_log*,.security")
                 .put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
                 .put(AuditTrailModule.OUTPUTS_SETTING.getKey(), randomFrom("index", "logfile,index"))
                 .build());
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/VersionCompatibilityTests.java
similarity index 81%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/VersionCompatibilityTests.java
index b9bffa980c5..c7a68aca203 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/VersionCompatibilityTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.test.ESTestCase;
@@ -20,10 +20,6 @@ import static org.hamcrest.CoreMatchers.is;
  * issue that applies the
  * required fixes upstream.
  * <p>
- * NOTE: changes suggested by asserts descriptions may break backwards compatibility. The same shield jar is supposed to work against
- * multiple es core versions,
- * thus if we make a change in shield that requires e.g. es core 1.4.1 it means that the next shield release won't support es core 1.4.0
- * anymore.
  * In many cases we will just have to bump the version of the assert then, unless we want to break backwards compatibility, but the idea
  * is that this class
  * helps keeping track of this and eventually making changes when needed.
@@ -31,7 +27,7 @@ import static org.hamcrest.CoreMatchers.is;
 public class VersionCompatibilityTests extends ESTestCase {
     public void testCompatibility() {
         /**
-         * see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link ShieldLicensee}
+         * see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link SecurityLicensee}
          * Once es core supports merging cluster level custom metadata (licenses in our case), the tribe node will see some license
          * coming from the tribe and everything will be ok.
          *
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/ShieldActionMapperTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/SecurityActionMapperTests.java
similarity index 71%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/ShieldActionMapperTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/SecurityActionMapperTests.java
index 5b2a898a6cb..92f18870ba1 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/ShieldActionMapperTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/SecurityActionMapperTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action;
+package org.elasticsearch.xpack.security.action;
 
 import org.elasticsearch.action.admin.indices.analyze.AnalyzeAction;
 import org.elasticsearch.action.admin.indices.analyze.AnalyzeRequest;
@@ -18,14 +18,14 @@ import java.util.List;
 
 import static org.hamcrest.CoreMatchers.equalTo;
 
-public class ShieldActionMapperTests extends ESTestCase {
+public class SecurityActionMapperTests extends ESTestCase {
 
     public void testThatAllOrdinaryActionsRemainTheSame() {
         List<String> actions = new ArrayList<>();
         actions.addAll(KnownActionsTests.loadKnownActions());
         actions.addAll(KnownActionsTests.loadKnownHandlers());
 
-        ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
+        SecurityActionMapper securityActionMapper = new SecurityActionMapper();
         int iterations = randomIntBetween(10, 100);
         for (int i = 0; i < iterations; i++) {
             String randomAction;
@@ -39,22 +39,22 @@ public class ShieldActionMapperTests extends ESTestCase {
                     randomAction.equals(AnalyzeAction.NAME) ||
                     randomAction.equals(AnalyzeAction.NAME + "[s]"));
 
-            assertThat(shieldActionMapper.action(randomAction, null), equalTo(randomAction));
+            assertThat(securityActionMapper.action(randomAction, null), equalTo(randomAction));
         }
     }
 
     public void testClearScroll() {
-        ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
+        SecurityActionMapper securityActionMapper = new SecurityActionMapper();
         ClearScrollRequest clearScrollRequest = new ClearScrollRequest();
         int scrollIds = randomIntBetween(1, 10);
         for (int i = 0; i < scrollIds; i++) {
             clearScrollRequest.addScrollId(randomAsciiOfLength(randomIntBetween(1, 30)));
         }
-        assertThat(shieldActionMapper.action(ClearScrollAction.NAME, clearScrollRequest), equalTo(ClearScrollAction.NAME));
+        assertThat(securityActionMapper.action(ClearScrollAction.NAME, clearScrollRequest), equalTo(ClearScrollAction.NAME));
     }
 
     public void testClearScrollAll() {
-        ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
+        SecurityActionMapper securityActionMapper = new SecurityActionMapper();
         ClearScrollRequest clearScrollRequest = new ClearScrollRequest();
         int scrollIds = randomIntBetween(0, 10);
         for (int i = 0; i < scrollIds; i++) {
@@ -64,12 +64,12 @@ public class ShieldActionMapperTests extends ESTestCase {
         //make sure that wherever the _all is among the scroll ids the action name gets translated
         Collections.shuffle(clearScrollRequest.getScrollIds(), random());
 
-        assertThat(shieldActionMapper.action(ClearScrollAction.NAME, clearScrollRequest),
-                equalTo(ShieldActionMapper.CLUSTER_PERMISSION_SCROLL_CLEAR_ALL_NAME));
+        assertThat(securityActionMapper.action(ClearScrollAction.NAME, clearScrollRequest),
+                equalTo(SecurityActionMapper.CLUSTER_PERMISSION_SCROLL_CLEAR_ALL_NAME));
     }
 
     public void testIndicesAnalyze() {
-        ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
+        SecurityActionMapper securityActionMapper = new SecurityActionMapper();
         AnalyzeRequest analyzeRequest;
         if (randomBoolean()) {
             analyzeRequest = new AnalyzeRequest(randomAsciiOfLength(randomIntBetween(1, 30))).text("text");
@@ -77,12 +77,13 @@ public class ShieldActionMapperTests extends ESTestCase {
             analyzeRequest = new AnalyzeRequest(null).text("text");
             analyzeRequest.index(randomAsciiOfLength(randomIntBetween(1, 30)));
         }
-        assertThat(shieldActionMapper.action(AnalyzeAction.NAME, analyzeRequest), equalTo(AnalyzeAction.NAME));
+        assertThat(securityActionMapper.action(AnalyzeAction.NAME, analyzeRequest), equalTo(AnalyzeAction.NAME));
     }
 
     public void testClusterAnalyze() {
-        ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
+        SecurityActionMapper securityActionMapper = new SecurityActionMapper();
         AnalyzeRequest analyzeRequest = new AnalyzeRequest(null).text("text");
-        assertThat(shieldActionMapper.action(AnalyzeAction.NAME, analyzeRequest), equalTo(ShieldActionMapper.CLUSTER_PERMISSION_ANALYZE));
+        assertThat(securityActionMapper.action(AnalyzeAction.NAME, analyzeRequest),
+                equalTo(SecurityActionMapper.CLUSTER_PERMISSION_ANALYZE));
     }
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/filter/ShieldActionFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java
similarity index 84%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/filter/ShieldActionFilterTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java
index 7bebea884c3..730b473a424 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/filter/ShieldActionFilterTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.filter;
+package org.elasticsearch.xpack.security.action.filter;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
@@ -12,17 +12,17 @@ import org.elasticsearch.action.search.SearchScrollRequest;
 import org.elasticsearch.action.support.ActionFilterChain;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.action.ShieldActionMapper;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authc.Authentication.RealmRef;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.authz.AuthorizationService;
-import org.elasticsearch.shield.crypto.CryptoService;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.action.SecurityActionMapper;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authz.AuthorizationService;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.tasks.Task;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -45,13 +45,13 @@ import static org.mockito.Mockito.when;
 /**
  *
  */
-public class ShieldActionFilterTests extends ESTestCase {
+public class SecurityActionFilterTests extends ESTestCase {
     private AuthenticationService authcService;
     private AuthorizationService authzService;
     private CryptoService cryptoService;
     private AuditTrail auditTrail;
     private SecurityLicenseState securityLicenseState;
-    private ShieldActionFilter filter;
+    private SecurityActionFilter filter;
 
     @Before
     public void init() throws Exception {
@@ -64,8 +64,8 @@ public class ShieldActionFilterTests extends ESTestCase {
         when(securityLicenseState.statsAndHealthEnabled()).thenReturn(true);
         ThreadPool threadPool = mock(ThreadPool.class);
         when(threadPool.getThreadContext()).thenReturn(new ThreadContext(Settings.EMPTY));
-        filter = new ShieldActionFilter(Settings.EMPTY, authcService, authzService, cryptoService, auditTrail, securityLicenseState,
-                new ShieldActionMapper(), new HashSet<>(), threadPool, mock(SecurityContext.class));
+        filter = new SecurityActionFilter(Settings.EMPTY, authcService, authzService, cryptoService, auditTrail, securityLicenseState,
+                new SecurityActionMapper(), new HashSet<>(), threadPool, mock(SecurityContext.class));
     }
 
     public void testApply() throws Exception {
@@ -79,7 +79,7 @@ public class ShieldActionFilterTests extends ESTestCase {
         doReturn(request).when(spy(filter)).unsign(user, "_action", request);
         filter.apply(task, "_action", request, listener, chain);
         verify(authzService).authorize(authentication, "_action", request);
-        verify(chain).proceed(eq(task), eq("_action"), eq(request), isA(ShieldActionFilter.SigningListener.class));
+        verify(chain).proceed(eq(task), eq("_action"), eq(request), isA(SecurityActionFilter.SigningListener.class));
     }
 
     public void testActionProcessException() throws Exception {
@@ -110,7 +110,7 @@ public class ShieldActionFilterTests extends ESTestCase {
         filter.apply(task, "_action", request, listener, chain);
         assertThat(request.scrollId(), equalTo("scroll_id"));
         verify(authzService).authorize(authentication, "_action", request);
-        verify(chain).proceed(eq(task), eq("_action"), eq(request), isA(ShieldActionFilter.SigningListener.class));
+        verify(chain).proceed(eq(task), eq("_action"), eq(request), isA(SecurityActionFilter.SigningListener.class));
     }
 
     public void testActionSignatureError() throws Exception {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportDeleteRoleActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleActionTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportDeleteRoleActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleActionTests.java
index 1bba8339fb7..e0afd716a0a 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportDeleteRoleActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleActionTests.java
@@ -3,15 +3,15 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportGetRolesActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesActionTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportGetRolesActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesActionTests.java
index 70cf6686771..825f2540af5 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportGetRolesActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesActionTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
@@ -11,12 +11,12 @@ import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.permission.KibanaRole;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
-import org.elasticsearch.shield.user.KibanaUser;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.permission.KibanaRole;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.user.KibanaUser;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportPutRoleActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportPutRoleActionTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportPutRoleActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportPutRoleActionTests.java
index f4e64544fae..3a7150e4679 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/role/TransportPutRoleActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportPutRoleActionTests.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.role;
+package org.elasticsearch.xpack.security.action.role;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/PutUserRequestBuilderTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/PutUserRequestBuilderTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/PutUserRequestBuilderTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/PutUserRequestBuilderTests.java
index 2504cd7dea6..e049dac1d4c 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/PutUserRequestBuilderTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/PutUserRequestBuilderTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchParseException;
 import org.elasticsearch.client.Client;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportAuthenticateActionTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportAuthenticateActionTests.java
index 4cb4cd9bf24..e7b820642a9 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportAuthenticateActionTests.java
@@ -3,18 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.user.ElasticUser;
-import org.elasticsearch.shield.user.KibanaUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.user.ElasticUser;
+import org.elasticsearch.xpack.security.user.KibanaUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordActionTests.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordActionTests.java
index 06e113bf695..450e53caf65 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordActionTests.java
@@ -3,21 +3,21 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.ElasticUser;
-import org.elasticsearch.shield.user.KibanaUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.ElasticUser;
+import org.elasticsearch.xpack.security.user.KibanaUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportDeleteUserActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportDeleteUserActionTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportDeleteUserActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportDeleteUserActionTests.java
index 872f0ca8b0c..9735a698e8b 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportDeleteUserActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportDeleteUserActionTests.java
@@ -3,18 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportGetUsersActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersActionTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportGetUsersActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersActionTests.java
index e7ee032804f..4d8e0e32c37 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportGetUsersActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersActionTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
@@ -12,11 +12,11 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.ValidationException;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportPutUserActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportPutUserActionTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportPutUserActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportPutUserActionTests.java
index d428eb29741..a99e0f9da00 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportPutUserActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportPutUserActionTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action.user;
+package org.elasticsearch.xpack.security.action.user;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
@@ -11,13 +11,13 @@ import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.ValidationException;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java
index 99e2eeb8480..9072197572d 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit;
+package org.elasticsearch.xpack.security.audit;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.common.inject.Guice;
@@ -15,7 +15,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.indices.breaker.CircuitBreakerService;
 import org.elasticsearch.node.Node;
-import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
+import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailServiceTests.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailServiceTests.java
index 54fc7821f0e..cfcd031d0a4 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailServiceTests.java
@@ -3,15 +3,15 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit;
+package org.elasticsearch.xpack.security.audit;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.SecurityLicenseState;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.transport.filter.IPFilter;
-import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.TransportMessage;
 import org.junit.Before;
@@ -167,7 +167,7 @@ public class AuditTrailServiceTests extends ESTestCase {
 
     public void testConnectionGranted() throws Exception {
         InetAddress inetAddress = InetAddress.getLoopbackAddress();
-        ShieldIpFilterRule rule = randomBoolean() ? ShieldIpFilterRule.ACCEPT_ALL : IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
+        SecurityIpFilterRule rule = randomBoolean() ? SecurityIpFilterRule.ACCEPT_ALL : IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
         service.connectionGranted(inetAddress, "client", rule);
         verify(securityLicenseState).auditingEnabled();
         if (auditingEnabled) {
@@ -181,7 +181,7 @@ public class AuditTrailServiceTests extends ESTestCase {
 
     public void testConnectionDenied() throws Exception {
         InetAddress inetAddress = InetAddress.getLoopbackAddress();
-        ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all");
+        SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all");
         service.connectionDenied(inetAddress, "client", rule);
         verify(securityLicenseState).auditingEnabled();
         if (auditingEnabled) {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditLevelTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditLevelTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditLevelTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditLevelTests.java
index 85ffc3c01a3..96b38f2ae10 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditLevelTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditLevelTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.index;
+package org.elasticsearch.xpack.security.audit.index;
 
 import org.elasticsearch.test.ESTestCase;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailMutedTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailMutedTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java
index 5e76ebd3921..c658447ee43 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailMutedTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.index;
+package org.elasticsearch.xpack.security.audit.index;
 
 import org.elasticsearch.action.Action;
 import org.elasticsearch.action.ActionListener;
@@ -18,12 +18,12 @@ import org.elasticsearch.common.transport.BoundTransportAddress;
 import org.elasticsearch.common.transport.DummyTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.InternalClient;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail.State;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.InternalClient;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.State;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -204,7 +204,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
     public void testConnectionGrantedMuted() {
         createAuditTrail(new String[] { "connection_granted" });
         InetAddress address = mock(InetAddress.class);
-        ShieldIpFilterRule rule = mock(ShieldIpFilterRule.class);
+        SecurityIpFilterRule rule = mock(SecurityIpFilterRule.class);
 
         auditTrail.connectionGranted(address, randomAsciiOfLengthBetween(1, 12), rule);
         assertThat(messageEnqueued.get(), is(false));
@@ -216,7 +216,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
     public void testConnectionDeniedMuted() {
         createAuditTrail(new String[] { "connection_denied" });
         InetAddress address = mock(InetAddress.class);
-        ShieldIpFilterRule rule = mock(ShieldIpFilterRule.class);
+        SecurityIpFilterRule rule = mock(SecurityIpFilterRule.class);
 
         auditTrail.connectionDenied(address, randomAsciiOfLengthBetween(1, 12), rule);
         assertThat(messageEnqueued.get(), is(false));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java
index 066ee7b773e..67828e8b0c9 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.index;
+package org.elasticsearch.xpack.security.audit.index;
 
 import org.apache.lucene.util.SetOnce;
 import org.elasticsearch.action.IndicesRequest;
@@ -27,22 +27,19 @@ import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.search.SearchHit;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail.Message;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
-import org.elasticsearch.shield.transport.filter.IPFilter;
-import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.Message;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.InternalTestCluster;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.Transport;
@@ -67,10 +64,10 @@ import java.util.Map;
 import java.util.Set;
 import java.util.function.Function;
 
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY;
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY;
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY;
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.DAILY;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.HOURLY;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.MONTHLY;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.WEEKLY;
 import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
 import static org.elasticsearch.test.InternalTestCluster.clusterName;
 import static org.hamcrest.Matchers.contains;
@@ -85,7 +82,7 @@ import static org.mockito.Mockito.when;
  *
  */
 @ESIntegTestCase.ClusterScope(scope = SUITE, supportsDedicatedMasters = false, numDataNodes = 1)
-public class IndexAuditTrailTests extends ShieldIntegTestCase {
+public class IndexAuditTrailTests extends SecurityIntegTestCase {
     public static final String SECOND_CLUSTER_NODE_PREFIX = "remote_" + SUITE_CLUSTER_NODE_PREFIX;
 
     private static boolean remoteIndexing;
@@ -132,24 +129,24 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
         // create another cluster
         String cluster2Name = clusterName(Scope.SUITE.name(), randomLong());
 
-        // Setup a second test cluster with randomization for number of nodes, shield enabled, and SSL
+        // Setup a second test cluster with randomization for number of nodes, security enabled, and SSL
         final int numNodes = randomIntBetween(1, 2);
-        final boolean useShield = randomBoolean();
-        final boolean useSSL = useShield && randomBoolean();
-        logger.info("--> remote indexing enabled. shield enabled: [{}], SSL enabled: [{}], nodes: [{}]", useShield, useSSL, numNodes);
-        ShieldSettingsSource cluster2SettingsSource =
-                new ShieldSettingsSource(numNodes, useSSL, systemKey(), createTempDir(), Scope.SUITE) {
+        final boolean useSecurity = randomBoolean();
+        final boolean useSSL = useSecurity && randomBoolean();
+        logger.info("--> remote indexing enabled. security enabled: [{}], SSL enabled: [{}], nodes: [{}]", useSecurity, useSSL, numNodes);
+        SecuritySettingsSource cluster2SettingsSource =
+                new SecuritySettingsSource(numNodes, useSSL, systemKey(), createTempDir(), Scope.SUITE) {
             @Override
             public Settings nodeSettings(int nodeOrdinal) {
                 Settings.Builder builder = Settings.builder()
                         .put(super.nodeSettings(nodeOrdinal))
-                        .put(Security.enabledSetting(), useShield);
+                        .put(Security.enabledSetting(), useSecurity);
                 return builder.build();
             }
         };
         remoteCluster = new InternalTestCluster("network", randomLong(), createTempDir(), false, numNodes, numNodes, cluster2Name,
                 cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX, getMockPlugins(),
-                useShield ? getClientWrapper() : Function.identity());
+                useSecurity ? getClientWrapper() : Function.identity());
         remoteCluster.beforeTest(random(), 0.5);
 
         NodesInfoResponse response = remoteCluster.client().admin().cluster().prepareNodesInfo().execute().actionGet();
@@ -157,17 +154,17 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
         InetSocketTransportAddress inet = (InetSocketTransportAddress) info.address().publishAddress();
 
         Settings.Builder builder = Settings.builder()
-                .put(Security.enabledSetting(), useShield)
+                .put(Security.enabledSetting(), useSecurity)
                 .put(remoteSettings(NetworkAddress.format(inet.address().getAddress()), inet.address().getPort(), cluster2Name))
-                .put("xpack.security.audit.index.client.xpack.security.user", ShieldSettingsSource.DEFAULT_USER_NAME + ":" +
-                        ShieldSettingsSource.DEFAULT_PASSWORD);
+                .put("xpack.security.audit.index.client.xpack.security.user", SecuritySettingsSource.DEFAULT_USER_NAME + ":" +
+                        SecuritySettingsSource.DEFAULT_PASSWORD);
 
         if (useSSL) {
             for (Map.Entry<String, String> entry : cluster2SettingsSource.getClientSSLSettings().getAsMap().entrySet()) {
                 builder.put("xpack.security.audit.index.client." + entry.getKey(), entry.getValue());
             }
         } else {
-            builder.put("xpack.security.audit.index.client." + ShieldNettyTransport.SSL_SETTING.getKey(), false);
+            builder.put("xpack.security.audit.index.client." + SecurityNettyTransport.SSL_SETTING.getKey(), false);
         }
         remoteSettings = builder.build();
     }
@@ -561,7 +558,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
     public void testConnectionGranted() throws Exception {
         initialize();
         InetAddress inetAddress = InetAddress.getLoopbackAddress();
-        ShieldIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
+        SecurityIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
         auditor.connectionGranted(inetAddress, "default", rule);
 
         SearchHit hit = getIndexedAuditMessage(enqueuedMessage.get());
@@ -575,7 +572,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
     public void testConnectionDenied() throws Exception {
         initialize();
         InetAddress inetAddress = InetAddress.getLoopbackAddress();
-        ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all");
+        SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all");
         auditor.connectionDenied(inetAddress, "default", rule);
 
         SearchHit hit = getIndexedAuditMessage(enqueuedMessage.get());
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java
index 11b567456f0..b79738ed81e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.index;
+package org.elasticsearch.xpack.security.audit.index;
 
 import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsResponse;
 import org.elasticsearch.cluster.service.ClusterService;
@@ -12,7 +12,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.BoundTransportAddress;
 import org.elasticsearch.common.transport.DummyTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.test.rest.FakeRestRequest;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -22,10 +22,10 @@ import org.junit.Before;
 
 import java.util.Locale;
 
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY;
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY;
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY;
-import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.DAILY;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.HOURLY;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.MONTHLY;
+import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.WEEKLY;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
 import static org.mockito.Mockito.mock;
@@ -34,7 +34,7 @@ import static org.mockito.Mockito.when;
 /**
  * This test checks to make sure that the index audit trail actually updates the mappings on startups
  */
-public class IndexAuditTrailUpdateMappingTests extends ShieldIntegTestCase {
+public class IndexAuditTrailUpdateMappingTests extends SecurityIntegTestCase {
     private ThreadPool threadPool;
     private IndexAuditTrail auditor;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/RemoteIndexAuditTrailStartingTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/RemoteIndexAuditTrailStartingTests.java
index 776b8e0ebd0..477e828d149 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/RemoteIndexAuditTrailStartingTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.index;
+package org.elasticsearch.xpack.security.audit.index;
 
 import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
 import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
@@ -12,8 +12,8 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.ESIntegTestCase.Scope;
 import org.elasticsearch.test.InternalTestCluster;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.junit.After;
 import org.junit.Before;
 
@@ -35,7 +35,7 @@ import static org.hamcrest.Matchers.is;
  * The cluster started by the integrations tests may also index into itself...
  */
 @ClusterScope(scope = Scope.TEST)
-public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase {
+public class RemoteIndexAuditTrailStartingTests extends SecurityIntegTestCase {
 
     public static final String SECOND_CLUSTER_NODE_PREFIX = "remote_" + TEST_CLUSTER_NODE_PREFIX;
 
@@ -85,9 +85,10 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase {
         // create another cluster
         String cluster2Name = clusterName(Scope.TEST.name(), randomLong());
 
-        // Setup a second test cluster with randomization for number of nodes, shield enabled, and SSL
+        // Setup a second test cluster with randomization for number of nodes, security enabled, and SSL
         final int numNodes = randomIntBetween(2, 3);
-        ShieldSettingsSource cluster2SettingsSource = new ShieldSettingsSource(numNodes, useSSL, systemKey(), createTempDir(), Scope.TEST) {
+        SecuritySettingsSource cluster2SettingsSource =
+                new SecuritySettingsSource(numNodes, useSSL, systemKey(), createTempDir(), Scope.TEST) {
             @Override
             public Settings nodeSettings(int nodeOrdinal) {
                 Settings.Builder builder = Settings.builder()
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/logfile/CapturingLogger.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/logfile/CapturingLogger.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java
index d5846d52428..f95f2ab80e5 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/logfile/CapturingLogger.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.logfile;
+package org.elasticsearch.xpack.security.audit.logfile;
 
 import org.elasticsearch.common.logging.ESLogger;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java
index a84b8e0bf88..ee82d66f2bc 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit.logfile;
+package org.elasticsearch.xpack.security.audit.logfile;
 
 import org.elasticsearch.action.IndicesRequest;
 import org.elasticsearch.action.support.IndicesOptions;
@@ -19,13 +19,13 @@ import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.audit.logfile.CapturingLogger.Level;
-import org.elasticsearch.shield.authc.AuthenticationToken;
-import org.elasticsearch.shield.rest.RemoteHostHeader;
-import org.elasticsearch.shield.transport.filter.IPFilter;
-import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger.Level;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.rest.RemoteHostHeader;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.transport.TransportMessage;
@@ -621,7 +621,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
             CapturingLogger logger = new CapturingLogger(level);
             LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext).start();
             InetAddress inetAddress = InetAddress.getLoopbackAddress();
-            ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all");
+            SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all");
             auditTrail.connectionDenied(inetAddress, "default", rule);
             switch (level) {
                 case ERROR:
@@ -643,7 +643,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
             CapturingLogger logger = new CapturingLogger(level);
             LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext).start();
             InetAddress inetAddress = InetAddress.getLoopbackAddress();
-            ShieldIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
+            SecurityIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
             auditTrail.connectionGranted(inetAddress, "default", rule);
             switch (level) {
                 case ERROR:
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/AuthenticationModuleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationModuleTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/AuthenticationModuleTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationModuleTests.java
index cff68baa61c..aedd3a25917 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/AuthenticationModuleTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationModuleTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.activedirectory.ActiveDirectoryRealm;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.authc.ldap.LdapRealm;
-import org.elasticsearch.shield.authc.pki.PkiRealm;
+import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectoryRealm;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
+import org.elasticsearch.xpack.security.authc.pki.PkiRealm;
 import org.elasticsearch.test.ESTestCase;
 
 import static org.hamcrest.Matchers.containsString;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java
index 1869972c94e..0925f5dc05f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.ElasticsearchSecurityException;
@@ -14,18 +14,18 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.rest.RestController;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.authc.Authentication.RealmRef;
-import org.elasticsearch.shield.authc.InternalAuthenticationService.Authenticator;
-import org.elasticsearch.shield.SecurityLicenseState.EnabledRealmType;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.crypto.CryptoService;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
+import org.elasticsearch.xpack.security.authc.InternalAuthenticationService.Authenticator;
+import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.rest.FakeRestRequest;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -37,8 +37,8 @@ import java.io.IOException;
 import java.util.Arrays;
 import java.util.Collections;
 
-import static org.elasticsearch.shield.support.Exceptions.authenticationError;
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
+import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
 import static org.hamcrest.Matchers.arrayContaining;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
@@ -90,10 +90,10 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
                 .put("path.home", createTempDir())
                 .put("node.name", "authc_test")
                 .build();
-        SecurityLicenseState shieldLicenseState = mock(SecurityLicenseState.class);
-        when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL);
-        when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
-        realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.<String, Realm.Factory>emptyMap(), shieldLicenseState,
+        SecurityLicenseState securityLicenseState = mock(SecurityLicenseState.class);
+        when(securityLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL);
+        when(securityLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
+        realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.<String, Realm.Factory>emptyMap(), securityLicenseState,
                 mock(ReservedRealm.class)) {
 
             @Override
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java
index 426c9a13c23..d8400e0d06f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java
@@ -3,18 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.SecurityLicenseState.EnabledRealmType;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.authc.esnative.NativeRealm;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.authc.ldap.LdapRealm;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
@@ -38,7 +38,7 @@ import static org.mockito.Mockito.when;
  */
 public class RealmsTests extends ESTestCase {
     private Map<String, Realm.Factory> factories;
-    private SecurityLicenseState shieldLicenseState;
+    private SecurityLicenseState securityLicenseState;
     private ReservedRealm reservedRealm;
 
     @Before
@@ -50,10 +50,10 @@ public class RealmsTests extends ESTestCase {
             DummyRealm.Factory factory = new DummyRealm.Factory("type_" + i, rarely());
             factories.put("type_" + i, factory);
         }
-        shieldLicenseState = mock(SecurityLicenseState.class);
+        securityLicenseState = mock(SecurityLicenseState.class);
         reservedRealm = mock(ReservedRealm.class);
-        when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
-        when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL);
+        when(securityLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
+        when(securityLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL);
     }
 
     public void testWithSettings() throws Exception {
@@ -72,7 +72,7 @@ public class RealmsTests extends ESTestCase {
         }
         Settings settings = builder.build();
         Environment env = new Environment(settings);
-        Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm);
+        Realms realms = new Realms(settings, env, factories, securityLicenseState, reservedRealm);
         realms.start();
 
         Iterator<Realm> iterator = realms.iterator();
@@ -101,7 +101,7 @@ public class RealmsTests extends ESTestCase {
                 .build();
         Environment env = new Environment(settings);
         try {
-            new Realms(settings, env, factories, shieldLicenseState, reservedRealm).start();
+            new Realms(settings, env, factories, securityLicenseState, reservedRealm).start();
             fail("Expected IllegalArgumentException");
         } catch (IllegalArgumentException e) {
             assertThat(e.getMessage(), containsString("multiple [file] realms are configured"));
@@ -110,7 +110,7 @@ public class RealmsTests extends ESTestCase {
 
     public void testWithEmptySettings() throws Exception {
         Realms realms = new Realms(Settings.EMPTY, new Environment(Settings.builder().put("path.home", createTempDir()).build()),
-                factories, shieldLicenseState, reservedRealm);
+                factories, securityLicenseState, reservedRealm);
         realms.start();
         Iterator<Realm> iter = realms.iterator();
         assertThat(iter.hasNext(), is(true));
@@ -143,7 +143,7 @@ public class RealmsTests extends ESTestCase {
         }
         Settings settings = builder.build();
         Environment env = new Environment(settings);
-        Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm);
+        Realms realms = new Realms(settings, env, factories, securityLicenseState, reservedRealm);
         realms.start();
 
         // this is the iterator when licensed
@@ -161,7 +161,7 @@ public class RealmsTests extends ESTestCase {
             i++;
         }
 
-        when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.DEFAULT);
+        when(securityLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.DEFAULT);
 
         iter = realms.iterator();
         assertThat(iter.hasNext(), is(true));
@@ -177,7 +177,7 @@ public class RealmsTests extends ESTestCase {
         assertThat(realm.name(), equalTo("default_" + NativeRealm.TYPE));
         assertThat(iter.hasNext(), is(false));
 
-        when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.NATIVE);
+        when(securityLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.NATIVE);
 
         iter = realms.iterator();
         assertThat(iter.hasNext(), is(true));
@@ -205,7 +205,7 @@ public class RealmsTests extends ESTestCase {
                 .put("xpack.security.authc.realms.custom.order", "1");
         Settings settings = builder.build();
         Environment env = new Environment(settings);
-        Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm);
+        Realms realms = new Realms(settings, env, factories, securityLicenseState, reservedRealm);
         realms.start();
         Iterator<Realm> iter = realms.iterator();
         assertThat(iter.hasNext(), is(true));
@@ -222,7 +222,7 @@ public class RealmsTests extends ESTestCase {
         }
         assertThat(types, contains("ldap", "type_0"));
 
-        when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.DEFAULT);
+        when(securityLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.DEFAULT);
         iter = realms.iterator();
         assertThat(iter.hasNext(), is(true));
         realm = iter.next();
@@ -235,7 +235,7 @@ public class RealmsTests extends ESTestCase {
         }
         assertThat(i, is(1));
 
-        when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.NATIVE);
+        when(securityLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.NATIVE);
         iter = realms.iterator();
         assertThat(iter.hasNext(), is(true));
         realm = iter.next();
@@ -262,7 +262,7 @@ public class RealmsTests extends ESTestCase {
                 .put("xpack.security.authc.realms.native.order", "1");
         Settings settings = builder.build();
         Environment env = new Environment(settings);
-        Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm);
+        Realms realms = new Realms(settings, env, factories, securityLicenseState, reservedRealm);
         realms.start();
         Iterator<Realm> iter = realms.iterator();
         assertThat(iter.hasNext(), is(true));
@@ -276,7 +276,7 @@ public class RealmsTests extends ESTestCase {
         assertThat(realm.type(), is(type));
         assertThat(iter.hasNext(), is(false));
 
-        when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.NATIVE);
+        when(securityLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.NATIVE);
         iter = realms.iterator();
         assertThat(iter.hasNext(), is(true));
         realm = iter.next();
@@ -308,7 +308,7 @@ public class RealmsTests extends ESTestCase {
         }
         Settings settings = builder.build();
         Environment env = new Environment(settings);
-        Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm);
+        Realms realms = new Realms(settings, env, factories, securityLicenseState, reservedRealm);
         realms.start();
         Iterator<Realm> iterator = realms.iterator();
         Realm realm = iterator.next();
@@ -346,11 +346,11 @@ public class RealmsTests extends ESTestCase {
                 .put("xpack.security.authc.realms.realm_1.order", 0)
                 .build();
         Environment env = new Environment(settings);
-        Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm).start();
+        Realms realms = new Realms(settings, env, factories, securityLicenseState, reservedRealm).start();
 
         assertThat(realms.iterator().hasNext(), is(true));
 
-        when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(false);
+        when(securityLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(false);
         assertThat(realms.iterator().hasNext(), is(false));
     }
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RunAsIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java
similarity index 80%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RunAsIntegTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java
index 5da10e734b3..0a62c5132e4 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RunAsIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc;
+package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
@@ -13,13 +13,13 @@ import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.TransportAddress;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.elasticsearch.xpack.XPackPlugin;
 
@@ -34,14 +34,14 @@ import static org.hamcrest.Matchers.is;
 /**
  *
  */
-public class RunAsIntegTests extends ShieldIntegTestCase {
+public class RunAsIntegTests extends SecurityIntegTestCase {
     static final String RUN_AS_USER = "run_as_user";
     static final String TRANSPORT_CLIENT_USER = "transport_user";
     static final String ROLES =
             "transport_client:\n" +
             "  cluster: [ 'cluster:monitor/nodes/liveness' ]\n" +
             "run_as_role:\n" +
-            "  run_as: [ '" + ShieldSettingsSource.DEFAULT_USER_NAME + "', 'idontexist' ]\n";
+            "  run_as: [ '" + SecuritySettingsSource.DEFAULT_USER_NAME + "', 'idontexist' ]\n";
 
     @Override
     public Settings nodeSettings(int nodeOrdinal) {
@@ -64,8 +64,8 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
     @Override
     public String configUsers() {
         return super.configUsers()
-                + RUN_AS_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD_HASHED + "\n"
-                + TRANSPORT_CLIENT_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD_HASHED + "\n";
+                + RUN_AS_USER + ":" + SecuritySettingsSource.DEFAULT_PASSWORD_HASHED + "\n"
+                + TRANSPORT_CLIENT_USER + ":" + SecuritySettingsSource.DEFAULT_PASSWORD_HASHED + "\n";
     }
 
     @Override
@@ -77,7 +77,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
 
     public void testUserImpersonation() throws Exception {
         try (TransportClient client = getTransportClient(Settings.builder()
-                .put(Security.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD).build())) {
+                .put(Security.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":" + SecuritySettingsSource.DEFAULT_PASSWORD).build())) {
             //ensure the client can connect
             awaitBusy(() -> {
                 return client.connectedNodes().size() > 0;
@@ -94,7 +94,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
             // let's run as without authorization
             try {
                 Map<String, String> headers = Collections.singletonMap(InternalAuthenticationService.RUN_AS_USER_HEADER,
-                        ShieldSettingsSource.DEFAULT_USER_NAME);
+                        SecuritySettingsSource.DEFAULT_USER_NAME);
                 client.filterWithHeader(headers)
                         .admin().cluster().prepareHealth().get();
                 fail("run as should be unauthorized for the transport client user");
@@ -105,8 +105,8 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
 
             Map<String, String> headers = new HashMap<>();
             headers.put("Authorization", UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                    new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())));
-            headers.put(InternalAuthenticationService.RUN_AS_USER_HEADER, ShieldSettingsSource.DEFAULT_USER_NAME);
+                    new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
+            headers.put(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME);
             // lets set the user
             ClusterHealthResponse response = client.filterWithHeader(headers).admin().cluster().prepareHealth().get();
             assertThat(response.isTimedOut(), is(false));
@@ -118,8 +118,8 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
         HttpResponse response = httpClient().method("GET")
                 .path("/_nodes")
                 .addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(TRANSPORT_CLIENT_USER,
-                        SecuredStringTests.build(ShieldSettingsSource.DEFAULT_PASSWORD)))
-                .addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, ShieldSettingsSource.DEFAULT_USER_NAME)
+                        SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
+                .addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME)
                 .execute();
         assertThat(response.getStatusCode(), is(403));
 
@@ -127,7 +127,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
         response = httpClient().method("GET")
                 .path("/_nodes")
                 .addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                        SecuredStringTests.build(ShieldSettingsSource.DEFAULT_PASSWORD)))
+                        SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
                 .execute();
         assertThat(response.getStatusCode(), is(403));
 
@@ -135,15 +135,15 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
         response = httpClient().method("GET")
                 .path("/_nodes")
                 .addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                        SecuredStringTests.build(ShieldSettingsSource.DEFAULT_PASSWORD)))
-                .addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, ShieldSettingsSource.DEFAULT_USER_NAME)
+                        SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
+                .addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME)
                 .execute();
         assertThat(response.getStatusCode(), is(200));
     }
 
     public void testEmptyUserImpersonationHeader() throws Exception {
         try (TransportClient client = getTransportClient(Settings.builder()
-                .put(Security.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD).build())) {
+                .put(Security.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":" + SecuritySettingsSource.DEFAULT_PASSWORD).build())) {
             //ensure the client can connect
             awaitBusy(() -> {
                 return client.connectedNodes().size() > 0;
@@ -152,7 +152,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
             try {
                 Map<String, String> headers = new HashMap<>();
                 headers.put("Authorization", UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                        new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())));
+                        new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
                 headers.put(InternalAuthenticationService.RUN_AS_USER_HEADER, "");
 
                 client.filterWithHeader(headers).admin().cluster().prepareHealth().get();
@@ -167,7 +167,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
         HttpResponse response = httpClient().method("GET")
                 .path("/_nodes")
                 .addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                        SecuredStringTests.build(ShieldSettingsSource.DEFAULT_PASSWORD)))
+                        SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
                 .addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "")
                 .execute();
         assertThat(response.getStatusCode(), is(401));
@@ -175,7 +175,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
 
     public void testNonExistentRunAsUser() throws Exception {
         try (TransportClient client = getTransportClient(Settings.builder()
-                .put(Security.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD).build())) {
+                .put(Security.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":" + SecuritySettingsSource.DEFAULT_PASSWORD).build())) {
             //ensure the client can connect
             awaitBusy(() -> {
                 return client.connectedNodes().size() > 0;
@@ -184,7 +184,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
             try {
                 Map<String, String> headers = new HashMap<>();
                 headers.put("Authorization", UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                        new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())));
+                        new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
                 headers.put(InternalAuthenticationService.RUN_AS_USER_HEADER, "idontexist");
 
                 client.filterWithHeader(headers).admin().cluster().prepareHealth().get();
@@ -199,7 +199,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
         HttpResponse response = httpClient().method("GET")
                 .path("/_nodes")
                 .addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                        SecuredStringTests.build(ShieldSettingsSource.DEFAULT_PASSWORD)))
+                        SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
                 .addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "idontexist")
                 .execute();
         assertThat(response.getStatusCode(), is(403));
@@ -216,7 +216,7 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(extraSettings)
                 .put("cluster.name", clusterName)
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), false)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), false)
                 .build();
 
         return TransportClient.builder()
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/AbstractActiveDirectoryIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
index 9cbd6b06eae..5d7e57aedf4 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.activedirectory;
+package org.elasticsearch.xpack.security.authc.activedirectory;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.junit.annotations.Network;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java
index a8545833124..b275c31b210 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java
@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.activedirectory;
+package org.elasticsearch.xpack.security.authc.activedirectory;
 
 import com.unboundid.ldap.sdk.Filter;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.ldap.GroupsResolverTestCase;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.support.NoOpLogger;
+import org.elasticsearch.xpack.security.authc.ldap.GroupsResolverTestCase;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.support.NoOpLogger;
 import org.elasticsearch.test.junit.annotations.Network;
 
 import java.util.List;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmTests.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmTests.java
index 68b4186dd46..1c01653718a 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.activedirectory;
+package org.elasticsearch.xpack.security.authc.activedirectory;
 
 import com.unboundid.ldap.listener.InMemoryDirectoryServer;
 import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
@@ -14,13 +14,13 @@ import com.unboundid.ldap.sdk.schema.Schema;
 
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.CachingUsernamePasswordRealm;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -32,8 +32,8 @@ import org.junit.BeforeClass;
 import java.util.ArrayList;
 import java.util.List;
 
-import static org.elasticsearch.shield.authc.ldap.support.SessionFactory.HOSTNAME_VERIFICATION_SETTING;
-import static org.elasticsearch.shield.authc.ldap.support.SessionFactory.URLS_SETTING;
+import static org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory.HOSTNAME_VERIFICATION_SETTING;
+import static org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory.URLS_SETTING;
 import static org.hamcrest.Matchers.arrayContaining;
 import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmUsageTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmUsageTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmUsageTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmUsageTests.java
index ed71448bad5..633685400b7 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmUsageTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmUsageTests.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.activedirectory;
+package org.elasticsearch.xpack.security.authc.activedirectory;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
 import org.elasticsearch.test.junit.annotations.Network;
 
 import java.util.Map;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
index 491f980083a..78da9be72a1 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
@@ -3,23 +3,23 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.activedirectory;
+package org.elasticsearch.xpack.security.authc.activedirectory;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.LdapSessionFactory;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession;
-import org.elasticsearch.shield.authc.ldap.support.LdapTestCase;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
 import org.elasticsearch.test.junit.annotations.Network;
 
 import java.io.IOException;
 import java.util.List;
 
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.hasItem;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealmIntegTests.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealmIntegTests.java
index f30b5b18f11..f4236fd239d 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealmIntegTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.esnative;
+package org.elasticsearch.xpack.security.authc.esnative;
 
 import org.apache.lucene.util.CollectionUtil;
 import org.elasticsearch.ElasticsearchSecurityException;
@@ -15,28 +15,28 @@ import org.elasticsearch.common.ValidationException;
 import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.ShieldTemplateService;
-import org.elasticsearch.shield.action.role.DeleteRoleResponse;
-import org.elasticsearch.shield.action.role.GetRolesResponse;
-import org.elasticsearch.shield.action.user.AuthenticateAction;
-import org.elasticsearch.shield.action.user.AuthenticateRequest;
-import org.elasticsearch.shield.action.user.AuthenticateResponse;
-import org.elasticsearch.shield.action.user.ChangePasswordResponse;
-import org.elasticsearch.shield.action.user.DeleteUserResponse;
-import org.elasticsearch.shield.action.user.GetUsersResponse;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authz.RoleDescriptor;
-import org.elasticsearch.shield.authz.permission.KibanaRole;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.authz.permission.SuperuserRole;
-import org.elasticsearch.shield.client.SecurityClient;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.ElasticUser;
-import org.elasticsearch.shield.user.KibanaUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleResponse;
+import org.elasticsearch.xpack.security.action.role.GetRolesResponse;
+import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
+import org.elasticsearch.xpack.security.action.user.AuthenticateRequest;
+import org.elasticsearch.xpack.security.action.user.AuthenticateResponse;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordResponse;
+import org.elasticsearch.xpack.security.action.user.DeleteUserResponse;
+import org.elasticsearch.xpack.security.action.user.GetUsersResponse;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.permission.KibanaRole;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
+import org.elasticsearch.xpack.security.client.SecurityClient;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.ElasticUser;
+import org.elasticsearch.xpack.security.user.KibanaUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.NativeRealmIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.junit.BeforeClass;
 
 import java.util.ArrayList;
@@ -45,7 +45,7 @@ import java.util.Collections;
 import java.util.List;
 
 import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.arrayContaining;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
@@ -67,7 +67,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
     public Settings nodeSettings(int nodeOrdinal) {
         if (anonymousEnabled) {
             return Settings.builder().put(super.nodeSettings(nodeOrdinal))
-                    .put(AnonymousUser.ROLES_SETTING.getKey(), ShieldSettingsSource.DEFAULT_ROLE)
+                    .put(AnonymousUser.ROLES_SETTING.getKey(), SecuritySettingsSource.DEFAULT_ROLE)
                     .build();
         }
         return super.nodeSettings(nodeOrdinal);
@@ -95,8 +95,8 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
         final int existing = existingUsers.size();
         logger.error("--> creating user");
         c.preparePutUser("joe", "s3kirt".toCharArray(), "role1", "user").get();
-        logger.error("--> waiting for .shield index");
-        ensureGreen(ShieldTemplateService.SECURITY_INDEX_NAME);
+        logger.error("--> waiting for .security index");
+        ensureGreen(SecurityTemplateService.SECURITY_INDEX_NAME);
         logger.info("--> retrieving user");
         GetUsersResponse resp = c.prepareGetUsers("joe").get();
         assertTrue("user should exist", resp.hasUsers());
@@ -148,8 +148,8 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
                 .addIndices(new String[]{"index"}, new String[]{"read"},
                         new String[]{"body", "title"}, new BytesArray("{\"query\": {\"match_all\": {}}}"))
                 .get();
-        logger.error("--> waiting for .shield index");
-        ensureGreen(ShieldTemplateService.SECURITY_INDEX_NAME);
+        logger.error("--> waiting for .security index");
+        ensureGreen(SecurityTemplateService.SECURITY_INDEX_NAME);
         logger.info("--> retrieving role");
         GetRolesResponse resp = c.prepareGetRoles().names("test_role").get();
         assertTrue("role should exist", resp.hasRoles());
@@ -197,8 +197,8 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
                 .get();
         logger.error("--> creating user");
         c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
-        logger.error("--> waiting for .shield index");
-        ensureGreen(ShieldTemplateService.SECURITY_INDEX_NAME);
+        logger.error("--> waiting for .security index");
+        ensureGreen(SecurityTemplateService.SECURITY_INDEX_NAME);
         logger.info("--> retrieving user");
         GetUsersResponse resp = c.prepareGetUsers("joe").get();
         assertTrue("user should exist", resp.hasUsers());
@@ -217,13 +217,13 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
     public void testUpdatingUserAndAuthentication() throws Exception {
         SecurityClient c = securityClient();
         logger.error("--> creating user");
-        c.preparePutUser("joe", "s3krit".toCharArray(), ShieldSettingsSource.DEFAULT_ROLE).get();
-        logger.error("--> waiting for .shield index");
-        ensureGreen(ShieldTemplateService.SECURITY_INDEX_NAME);
+        c.preparePutUser("joe", "s3krit".toCharArray(), SecuritySettingsSource.DEFAULT_ROLE).get();
+        logger.error("--> waiting for .security index");
+        ensureGreen(SecurityTemplateService.SECURITY_INDEX_NAME);
         logger.info("--> retrieving user");
         GetUsersResponse resp = c.prepareGetUsers("joe").get();
         assertTrue("user should exist", resp.hasUsers());
-        assertThat(resp.users()[0].roles(), arrayContaining(ShieldSettingsSource.DEFAULT_ROLE));
+        assertThat(resp.users()[0].roles(), arrayContaining(SecuritySettingsSource.DEFAULT_ROLE));
 
         createIndex("idx");
         ensureGreen("idx");
@@ -234,7 +234,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
 
         assertEquals(searchResp.getHits().getTotalHits(), 1L);
 
-        c.preparePutUser("joe", "s3krit2".toCharArray(), ShieldSettingsSource.DEFAULT_ROLE).get();
+        c.preparePutUser("joe", "s3krit2".toCharArray(), SecuritySettingsSource.DEFAULT_ROLE).get();
 
         try {
             client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get();
@@ -252,13 +252,13 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
     public void testCreateDeleteAuthenticate() {
         SecurityClient c = securityClient();
         logger.error("--> creating user");
-        c.preparePutUser("joe", "s3krit".toCharArray(), ShieldSettingsSource.DEFAULT_ROLE).get();
-        logger.error("--> waiting for .shield index");
-        ensureGreen(ShieldTemplateService.SECURITY_INDEX_NAME);
+        c.preparePutUser("joe", "s3krit".toCharArray(), SecuritySettingsSource.DEFAULT_ROLE).get();
+        logger.error("--> waiting for .security index");
+        ensureGreen(SecurityTemplateService.SECURITY_INDEX_NAME);
         logger.info("--> retrieving user");
         GetUsersResponse resp = c.prepareGetUsers("joe").get();
         assertTrue("user should exist", resp.hasUsers());
-        assertThat(resp.users()[0].roles(), arrayContaining(ShieldSettingsSource.DEFAULT_ROLE));
+        assertThat(resp.users()[0].roles(), arrayContaining(SecuritySettingsSource.DEFAULT_ROLE));
 
         createIndex("idx");
         ensureGreen("idx");
@@ -291,8 +291,8 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
                 .get();
         logger.error("--> creating user");
         c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
-        logger.error("--> waiting for .shield index");
-        ensureGreen(ShieldTemplateService.SECURITY_INDEX_NAME);
+        logger.error("--> waiting for .security index");
+        ensureGreen(SecurityTemplateService.SECURITY_INDEX_NAME);
 
         if (authenticate) {
             final String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
@@ -338,8 +338,8 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
                         new String[]{"body", "title"}, new BytesArray("{\"match_all\": {}}"))
                 .get();
         c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
-        logger.error("--> waiting for .shield index");
-        ensureGreen(ShieldTemplateService.SECURITY_INDEX_NAME);
+        logger.error("--> waiting for .security index");
+        ensureGreen(SecurityTemplateService.SECURITY_INDEX_NAME);
 
         final String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
         ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token)).admin().cluster()
@@ -442,7 +442,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
 
         SecurityClient client = securityClient();
         if (randomBoolean()) {
-            client.preparePutUser("joe", "s3krit".toCharArray(), ShieldSettingsSource.DEFAULT_ROLE).get();
+            client.preparePutUser("joe", "s3krit".toCharArray(), SecuritySettingsSource.DEFAULT_ROLE).get();
         } else {
             client.preparePutRole("read_role")
                     .cluster("none")
@@ -450,11 +450,11 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
                     .get();
         }
 
-        IndicesStatsResponse response = client().admin().indices().prepareStats("foo", ShieldTemplateService.SECURITY_INDEX_NAME).get();
+        IndicesStatsResponse response = client().admin().indices().prepareStats("foo", SecurityTemplateService.SECURITY_INDEX_NAME).get();
         assertThat(response.getIndices().size(), is(2));
-        assertThat(response.getIndices().get(ShieldTemplateService.SECURITY_INDEX_NAME), notNullValue());
-        assertThat(response.getIndices().get(ShieldTemplateService.SECURITY_INDEX_NAME).getIndex(),
-                is(ShieldTemplateService.SECURITY_INDEX_NAME));
+        assertThat(response.getIndices().get(SecurityTemplateService.SECURITY_INDEX_NAME), notNullValue());
+        assertThat(response.getIndices().get(SecurityTemplateService.SECURITY_INDEX_NAME).getIndex(),
+                is(SecurityTemplateService.SECURITY_INDEX_NAME));
     }
 
     public void testOperationsOnReservedUsers() throws Exception {
@@ -526,7 +526,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
     }
 
     public void testCreateAndChangePassword() throws Exception {
-        securityClient().preparePutUser("joe", "s3krit".toCharArray(), ShieldSettingsSource.DEFAULT_ROLE).get();
+        securityClient().preparePutUser("joe", "s3krit".toCharArray(), SecuritySettingsSource.DEFAULT_ROLE).get();
         final String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
         ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token))
                 .admin().cluster().prepareHealth().get();
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealmIntegTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealmIntegTests.java
index c1f549bf058..0c842875f34 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealmIntegTests.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.esnative;
+package org.elasticsearch.xpack.security.authc.esnative;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
-import org.elasticsearch.shield.user.ElasticUser;
-import org.elasticsearch.shield.user.KibanaUser;
-import org.elasticsearch.shield.action.user.ChangePasswordResponse;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.user.ElasticUser;
+import org.elasticsearch.xpack.security.user.KibanaUser;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordResponse;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.NativeRealmIntegTestCase;
 
 import java.util.Arrays;
 
 import static java.util.Collections.singletonMap;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealmTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealmTests.java
index f803306aae4..b84b3cb444f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealmTests.java
@@ -3,19 +3,19 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.esnative;
+package org.elasticsearch.xpack.security.authc.esnative;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore.ChangeListener;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.ElasticUser;
-import org.elasticsearch.shield.user.KibanaUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.ChangeListener;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.ElasticUser;
+import org.elasticsearch.xpack.security.user.KibanaUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
@@ -60,9 +60,9 @@ public class ReservedRealmTests extends ESTestCase {
     }
 
     public void testDefaultPasswordAuthentication() throws Throwable {
-        final boolean shieldIndexExists = randomBoolean();
-        if (shieldIndexExists) {
-            when(usersStore.shieldIndexExists()).thenReturn(true);
+        final boolean securityIndexExists = randomBoolean();
+        if (securityIndexExists) {
+            when(usersStore.securityIndexExists()).thenReturn(true);
         }
         final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore);
         final User expected = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE);
@@ -72,8 +72,8 @@ public class ReservedRealmTests extends ESTestCase {
         assertThat(authenticated, sameInstance(expected));
         verify(usersStore).addListener(any(ChangeListener.class));
         verify(usersStore).started();
-        verify(usersStore).shieldIndexExists();
-        if (shieldIndexExists) {
+        verify(usersStore).securityIndexExists();
+        if (securityIndexExists) {
             verify(usersStore).reservedUserPassword(principal);
         }
         verifyNoMoreInteractions(usersStore);
@@ -84,7 +84,7 @@ public class ReservedRealmTests extends ESTestCase {
         final User expectedUser = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE);
         final String principal = expectedUser.principal();
         final SecuredString newPassword = new SecuredString("foobar".toCharArray());
-        when(usersStore.shieldIndexExists()).thenReturn(true);
+        when(usersStore.securityIndexExists()).thenReturn(true);
         when(usersStore.reservedUserPassword(principal)).thenReturn(Hasher.BCRYPT.hash(newPassword));
 
         // test default password
@@ -100,7 +100,7 @@ public class ReservedRealmTests extends ESTestCase {
         assertThat(authenticated, sameInstance(expectedUser));
         verify(usersStore).addListener(any(ChangeListener.class));
         verify(usersStore, times(2)).started();
-        verify(usersStore, times(2)).shieldIndexExists();
+        verify(usersStore, times(2)).securityIndexExists();
         verify(usersStore, times(2)).reservedUserPassword(principal);
         verifyNoMoreInteractions(usersStore);
     }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileRealmTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileRealmTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileRealmTests.java
index 29a953199a3..007668b9bd1 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileRealmTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileRealmTests.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.file;
+package org.elasticsearch.xpack.security.authc.file;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.authc.support.UsernamePasswordRealm;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordRealm;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.watcher.ResourceWatcherService;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserPasswdStoreTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStoreTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserPasswdStoreTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStoreTests.java
index cb4735eec51..9dca00f7d47 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserPasswdStoreTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStoreTests.java
@@ -3,18 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.file;
+package org.elasticsearch.xpack.security.authc.file;
 
 import org.elasticsearch.common.SuppressLoggerChecks;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.audit.logfile.CapturingLogger;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.RefreshListener;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.RefreshListener;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserRolesStoreTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStoreTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserRolesStoreTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStoreTests.java
index 09dfd3133e7..43826371603 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserRolesStoreTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStoreTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.file;
+package org.elasticsearch.xpack.security.authc.file;
 
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.SuppressLoggerChecks;
@@ -11,9 +11,9 @@ import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.audit.logfile.CapturingLogger;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.RefreshListener;
+import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.RefreshListener;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/tool/UsersToolTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/tool/UsersToolTests.java
index 44a1c2730a8..6271c75180e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/tool/UsersToolTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.file.tool;
+package org.elasticsearch.xpack.security.authc.file.tool;
 
 import com.google.common.jimfs.Configuration;
 import com.google.common.jimfs.Jimfs;
@@ -16,10 +16,10 @@ import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.io.PathUtilsForTesting;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.authz.store.ReservedRolesStore;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.junit.AfterClass;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/GroupsResolverTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/GroupsResolverTestCase.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java
index be0a45373ec..808b6420eff 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/GroupsResolverTestCase.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPConnectionOptions;
 import com.unboundid.ldap.sdk.LDAPURL;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.After;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java
index 4be76a5c787..56588941cfe 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java
@@ -3,18 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapTestCase;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -23,9 +23,9 @@ import org.junit.Before;
 
 import java.util.Map;
 
-import static org.elasticsearch.shield.authc.ldap.LdapSessionFactory.USER_DN_TEMPLATES_SETTING;
-import static org.elasticsearch.shield.authc.ldap.support.SessionFactory.HOSTNAME_VERIFICATION_SETTING;
-import static org.elasticsearch.shield.authc.ldap.support.SessionFactory.URLS_SETTING;
+import static org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory.USER_DN_TEMPLATES_SETTING;
+import static org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory.HOSTNAME_VERIFICATION_SETTING;
+import static org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory.URLS_SETTING;
 import static org.hamcrest.Matchers.arrayContaining;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.hasEntry;
@@ -211,7 +211,8 @@ public class LdapRealmTests extends LdapTestCase {
         String userTemplate = VALID_USER_TEMPLATE;
         Settings settings = Settings.builder()
                 .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
-                .put(DnRoleMapper.ROLE_MAPPING_FILE_SETTING, getDataPath("/org/elasticsearch/shield/authc/support/role_mapping.yml"))
+                .put(DnRoleMapper.ROLE_MAPPING_FILE_SETTING,
+                        getDataPath("/org/elasticsearch/xpack/security/authc/support/role_mapping.yml"))
                 .build();
         RealmConfig config = new RealmConfig("test-ldap-realm-userdn", settings, globalSettings);
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapSessionFactoryTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactoryTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapSessionFactoryTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactoryTests.java
index 16e6412c614..e745513984f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapSessionFactoryTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactoryTests.java
@@ -3,19 +3,19 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import com.unboundid.ldap.listener.InMemoryDirectoryServer;
 import com.unboundid.ldap.sdk.LDAPURL;
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession;
-import org.elasticsearch.shield.authc.ldap.support.LdapTestCase;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
 import org.elasticsearch.test.junit.annotations.Network;
 import org.junit.Before;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactoryTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactoryTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java
index 29b84be8df0..03db6a4ee15 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactoryTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import com.carrotsearch.randomizedtesting.ThreadFilter;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakFilters;
@@ -20,16 +20,16 @@ import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.node.MockNode;
 import org.elasticsearch.node.Node;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.activedirectory.ActiveDirectorySessionFactoryTests;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession;
-import org.elasticsearch.shield.authc.ldap.support.LdapTestCase;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.support.NoOpLogger;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectorySessionFactoryTests;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.support.NoOpLogger;
 import org.elasticsearch.test.junit.annotations.Network;
 import org.elasticsearch.xpack.watcher.Watcher;
 import org.elasticsearch.xpack.XPackPlugin;
@@ -43,7 +43,7 @@ import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java
index 90fc92d8672..dace77af176 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java
@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.authc.ldap.support.LdapSession;
-import org.elasticsearch.shield.authc.ldap.support.LdapTestCase;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
-import org.elasticsearch.shield.authc.support.SecuredStringTests;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.junit.annotations.Network;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolverTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolverTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolverTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolverTests.java
index f2e62aebdd4..df0ec6d60a0 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolverTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolverTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
-import org.elasticsearch.shield.support.NoOpLogger;
+import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope;
+import org.elasticsearch.xpack.security.support.NoOpLogger;
 import org.elasticsearch.test.junit.annotations.Network;
 
 import java.util.List;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/UserAttributeGroupsResolverTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolverTests.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/UserAttributeGroupsResolverTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolverTests.java
index 6ebd0f97cc6..f297c920e7e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/UserAttributeGroupsResolverTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolverTests.java
@@ -3,12 +3,12 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap;
+package org.elasticsearch.xpack.security.authc.ldap;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.activedirectory.ActiveDirectorySessionFactoryTests;
-import org.elasticsearch.shield.support.NoOpLogger;
+import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectorySessionFactoryTests;
+import org.elasticsearch.xpack.security.support.NoOpLogger;
 import org.elasticsearch.test.junit.annotations.Network;
 
 import java.util.List;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LDAPServersTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LDAPServersTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LDAPServersTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LDAPServersTests.java
index 6d34835a2c5..ec68a22fb4d 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LDAPServersTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LDAPServersTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import org.elasticsearch.test.ESTestCase;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LdapLoadBalancingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapLoadBalancingTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LdapLoadBalancingTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapLoadBalancingTests.java
index af2fdc58274..cefe7310dae 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LdapLoadBalancingTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapLoadBalancingTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.sdk.FailoverServerSet;
 import com.unboundid.ldap.sdk.RoundRobinDNSServerSet;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LdapTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapTestCase.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LdapTestCase.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapTestCase.java
index d96e296f3db..03443b09c44 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LdapTestCase.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapTestCase.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.listener.InMemoryDirectoryServer;
 import com.unboundid.ldap.sdk.Attribute;
@@ -11,9 +11,9 @@ import com.unboundid.ldap.sdk.LDAPException;
 import com.unboundid.ldap.sdk.LDAPURL;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.ldap.LdapRealm;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.watcher.ResourceWatcherService;
 import org.junit.After;
@@ -23,9 +23,9 @@ import org.junit.BeforeClass;
 import java.util.ArrayList;
 import java.util.List;
 
-import static org.elasticsearch.shield.authc.ldap.LdapSessionFactory.HOSTNAME_VERIFICATION_SETTING;
-import static org.elasticsearch.shield.authc.ldap.LdapSessionFactory.URLS_SETTING;
-import static org.elasticsearch.shield.authc.ldap.LdapSessionFactory.USER_DN_TEMPLATES_SETTING;
+import static org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory.HOSTNAME_VERIFICATION_SETTING;
+import static org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory.URLS_SETTING;
+import static org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory.USER_DN_TEMPLATES_SETTING;
 
 public abstract class LdapTestCase extends ESTestCase {
 
@@ -44,7 +44,8 @@ public abstract class LdapTestCase extends ESTestCase {
             InMemoryDirectoryServer ldapServer = new InMemoryDirectoryServer("o=sevenSeas");
             ldapServer.add("o=sevenSeas", new Attribute("dc", "UnboundID"),
                     new Attribute("objectClass", "top", "domain", "extensibleObject"));
-            ldapServer.importFromLDIF(false, getDataPath("/org/elasticsearch/shield/authc/ldap/support/seven-seas.ldif").toString());
+            ldapServer.importFromLDIF(false,
+                    getDataPath("/org/elasticsearch/xpack/security/authc/ldap/support/seven-seas.ldif").toString());
             ldapServer.startListening();
             ldapServers[i] = ldapServer;
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryLoadBalancingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryLoadBalancingTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryLoadBalancingTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryLoadBalancingTests.java
index 6998b614bb7..2201bff81f7 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryLoadBalancingTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryLoadBalancingTests.java
@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.listener.InMemoryDirectoryServer;
 import com.unboundid.ldap.sdk.LDAPConnection;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
 
 import java.util.ArrayList;
 import java.util.Arrays;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java
index 067b174b295..5d6a87f88dc 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java
@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.ldap.support;
+package org.elasticsearch.xpack.security.authc.ldap.support;
 
 import com.unboundid.ldap.sdk.LDAPConnectionOptions;
 import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
 import com.unboundid.util.ssl.TrustAllSSLSocketVerifier;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.ESTestCase;
 
 import static org.hamcrest.Matchers.equalTo;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java
index 26f8f964ea7..c00b088eb36 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.pki;
+package org.elasticsearch.xpack.security.authc.pki;
 
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPut;
@@ -18,12 +18,12 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.transport.SSLClientAuth;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.transport.SSLClientAuth;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.xpack.XPackPlugin;
 
@@ -38,7 +38,7 @@ import java.security.SecureRandom;
 import java.util.Locale;
 import java.util.Map.Entry;
 
-import static org.elasticsearch.test.ShieldSettingsSource.getSSLSettingsForStore;
+import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.is;
@@ -47,7 +47,7 @@ import static org.hamcrest.Matchers.is;
  * Test authentication via PKI on both REST and Transport layers
  */
 @ClusterScope(numClientNodes = 0, supportsDedicatedMasters = false, numDataNodes = 1)
-public class PkiAuthenticationTests extends ShieldIntegTestCase {
+public class PkiAuthenticationTests extends SecurityIntegTestCase {
 
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
@@ -56,14 +56,14 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
                 .put(super.nodeSettings(nodeOrdinal))
                 .put(NetworkModule.HTTP_ENABLED.getKey(), true)
 
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), sslClientAuth)
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), sslClientAuth)
                 .put("xpack.security.authc.realms.file.type", FileRealm.TYPE)
                 .put("xpack.security.authc.realms.file.order", "0")
                 .put("xpack.security.authc.realms.pki1.type", PkiRealm.TYPE)
                 .put("xpack.security.authc.realms.pki1.order", "1")
                 .put("xpack.security.authc.realms.pki1.truststore.path",
-                        getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
                 .put("xpack.security.authc.realms.pki1.truststore.password", "truststore-testnode-only")
                 .put("xpack.security.authc.realms.pki1.files.role_mapping", getDataPath("role_mapping.yml"))
                 .build();
@@ -75,7 +75,7 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
     }
 
     public void testTransportClientCanAuthenticateViaPki() {
-        Settings settings = getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode");
+        Settings settings = getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode");
         try (TransportClient client = createTransportClient(settings)) {
             client.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()));
             IndexResponse response = client.prepareIndex("foo", "bar").setSource("pki", "auth").get();
@@ -98,7 +98,7 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
     }
 
     public void testRestAuthenticationViaPki() throws Exception {
-        SSLContext context = getRestSSLContext("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode");
+        SSLContext context = getRestSSLContext("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode");
         try (CloseableHttpClient client = HttpClients.custom().setSslcontext(context).build()) {
             HttpPut put = new HttpPut(getNodeUrl() + "foo");
             try (CloseableHttpResponse response = client.execute(put)) {
@@ -109,7 +109,7 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
     }
 
     public void testRestAuthenticationFailure() throws Exception {
-        SSLContext context = getRestSSLContext("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks", "testclient");
+        SSLContext context = getRestSSLContext("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient");
         try (CloseableHttpClient client = HttpClients.custom().setSslcontext(context).build()) {
             HttpPut put = new HttpPut(getNodeUrl() + "foo");
             try (CloseableHttpResponse response = client.execute(put)) {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java
similarity index 75%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java
index 4e983854641..2be1bd68846 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.pki;
+package org.elasticsearch.xpack.security.authc.pki;
 
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
@@ -12,14 +12,14 @@ import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.transport.SSLClientAuth;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.transport.SSLClientAuth;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.elasticsearch.transport.Transport;
@@ -35,12 +35,12 @@ import java.nio.file.Path;
 import java.security.KeyStore;
 import java.security.SecureRandom;
 
-import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD;
-import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME;
-import static org.elasticsearch.test.ShieldSettingsSource.getSSLSettingsForStore;
+import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_PASSWORD;
+import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_USER_NAME;
+import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
 import static org.hamcrest.Matchers.is;
 
-public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
+public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
 
     private static int randomClientPort;
 
@@ -56,14 +56,14 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
         return Settings.builder()
                 .put(super.nodeSettings(nodeOrdinal))
                 .put(NetworkModule.HTTP_ENABLED.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), SSLClientAuth.OPTIONAL)
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), SSLClientAuth.OPTIONAL)
                 .put("xpack.security.authc.realms.file.type", "file")
                 .put("xpack.security.authc.realms.file.order", "0")
                 .put("xpack.security.authc.realms.pki1.type", "pki")
                 .put("xpack.security.authc.realms.pki1.order", "1")
                 .put("xpack.security.authc.realms.pki1.truststore.path",
-                        getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
                 .put("xpack.security.authc.realms.pki1.truststore.password", "truststore-testnode-only")
                 .put("xpack.security.authc.realms.pki1.files.role_mapping", getDataPath("role_mapping.yml"))
                 .put("transport.profiles.want_client_auth.port", randomClientPortRange)
@@ -91,8 +91,8 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
             assertThat(response.getStatusCode(), is(401));
 
             requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
-                    UsernamePasswordToken.basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME,
-                            new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())));
+                    UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
+                            new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
             response = requestBuilder.execute();
             assertThat(response.getStatusCode(), is(200));
         }
@@ -104,12 +104,12 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
                 randomFrom(transport.profileBoundAddresses().get("want_client_auth").boundAddresses())).address().getPort();
 
         Settings sslSettingsForStore = getSSLSettingsForStore
-                ("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks", "truststore-testnode-only");
+                ("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks", "truststore-testnode-only");
         Settings settings = Settings.builder()
                 .put(sslSettingsForStore)
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .build();
 
 
@@ -121,7 +121,7 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
 
     private SSLContext getSSLContext() throws Exception {
         SSLContext sc = SSLContext.getInstance("TLSv1.2");
-        Path truststore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks");
+        Path truststore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks");
         KeyStore keyStore = KeyStore.getInstance("JKS");
         try (InputStream stream = Files.newInputStream(truststore)) {
             keyStore.load(stream, "truststore-testnode-only".toCharArray());
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiRealmTests.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiRealmTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiRealmTests.java
index 9b13269c919..5fbba1c04b1 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiRealmTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiRealmTests.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.pki;
+package org.elasticsearch.xpack.security.authc.pki;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.DnRoleMapper;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.support.NoOpLogger;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.support.NoOpLogger;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
@@ -52,7 +52,7 @@ public class PkiRealmTests extends ESTestCase {
     }
 
     public void testExtractToken() throws Exception {
-        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"));
+        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
         ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
         threadContext.putTransient(PkiRealm.PKI_CERT_HEADER_NAME, new X509Certificate[] { certificate });
         PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings), mock(DnRoleMapper.class));
@@ -64,7 +64,7 @@ public class PkiRealmTests extends ESTestCase {
     }
 
     public void testAuthenticateBasedOnCertToken() throws Exception {
-        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"));
+        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
         X509AuthenticationToken token = new X509AuthenticationToken(new X509Certificate[] { certificate }, "Elasticsearch Test Node",
                 "CN=Elasticsearch Test Node,");
         DnRoleMapper roleMapper = mock(DnRoleMapper.class);
@@ -79,7 +79,7 @@ public class PkiRealmTests extends ESTestCase {
     }
 
     public void testCustomUsernamePattern() throws Exception {
-        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"));
+        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
         DnRoleMapper roleMapper = mock(DnRoleMapper.class);
         PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.builder().put("username_pattern", "OU=(.*?),").build(), globalSettings),
                 roleMapper);
@@ -96,10 +96,10 @@ public class PkiRealmTests extends ESTestCase {
     }
 
     public void testVerificationUsingATruststore() throws Exception {
-        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"));
+        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
         DnRoleMapper roleMapper = mock(DnRoleMapper.class);
         Settings settings = Settings.builder()
-                .put("truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks"))
+                .put("truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"))
                 .put("truststore.password", "testnode")
                 .build();
         PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings), roleMapper);
@@ -117,10 +117,11 @@ public class PkiRealmTests extends ESTestCase {
     }
 
     public void testVerificationFailsUsingADifferentTruststore() throws Exception {
-        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"));
+        X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
         DnRoleMapper roleMapper = mock(DnRoleMapper.class);
         Settings settings = Settings.builder()
-                .put("truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.jks"))
+                .put("truststore.path",
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks"))
                 .put("truststore.password", "testnode-client-profile")
                 .build();
         PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings), roleMapper);
@@ -136,7 +137,8 @@ public class PkiRealmTests extends ESTestCase {
 
     public void testTruststorePathWithoutPasswordThrowsException() throws Exception {
         Settings settings = Settings.builder()
-                .put("truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.jks"))
+                .put("truststore.path",
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks"))
                 .build();
         try {
             new PkiRealm(new RealmConfig("", settings, globalSettings), mock(DnRoleMapper.class));
@@ -160,26 +162,26 @@ public class PkiRealmTests extends ESTestCase {
 
     public void testCertificateWithCnAndOuExtractsProperly() throws Exception {
         X509Certificate certificate = mock(X509Certificate.class);
-        X500Principal principal = new X500Principal("CN=PKI Client, OU=Shield");
+        X500Principal principal = new X500Principal("CN=PKI Client, OU=Security");
         when(certificate.getSubjectX500Principal()).thenReturn(principal);
 
         X509AuthenticationToken token = PkiRealm.token(new X509Certificate[]{certificate},
                 Pattern.compile(PkiRealm.DEFAULT_USERNAME_PATTERN), NoOpLogger.INSTANCE);
         assertThat(token, notNullValue());
         assertThat(token.principal(), is("PKI Client"));
-        assertThat(token.dn(), is("CN=PKI Client, OU=Shield"));
+        assertThat(token.dn(), is("CN=PKI Client, OU=Security"));
     }
 
     public void testCertificateWithCnInMiddle() throws Exception {
         X509Certificate certificate = mock(X509Certificate.class);
-        X500Principal principal = new X500Principal("EMAILADDRESS=pki@elastic.co, CN=PKI Client, OU=Shield");
+        X500Principal principal = new X500Principal("EMAILADDRESS=pki@elastic.co, CN=PKI Client, OU=Security");
         when(certificate.getSubjectX500Principal()).thenReturn(principal);
 
         X509AuthenticationToken token = PkiRealm.token(new X509Certificate[]{certificate},
                 Pattern.compile(PkiRealm.DEFAULT_USERNAME_PATTERN), NoOpLogger.INSTANCE);
         assertThat(token, notNullValue());
         assertThat(token.principal(), is("PKI Client"));
-        assertThat(token.dn(), is("EMAILADDRESS=pki@elastic.co, CN=PKI Client, OU=Shield"));
+        assertThat(token.dn(), is("EMAILADDRESS=pki@elastic.co, CN=PKI Client, OU=Security"));
     }
 
     static X509Certificate readCert(Path path) throws Exception {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java
similarity index 77%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java
index f874fcfebe2..6b16ef3fc75 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.pki;
+package org.elasticsearch.xpack.security.authc.pki;
 
 
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -13,14 +13,14 @@ import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.transport.SSLClientAuth;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.transport.SSLClientAuth;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 
@@ -34,7 +34,7 @@ import java.util.Locale;
 import static org.hamcrest.Matchers.is;
 
 @ClusterScope(numClientNodes = 0, supportsDedicatedMasters = false, numDataNodes = 1)
-public class PkiWithoutClientAuthenticationTests extends ShieldIntegTestCase {
+public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase {
     private TrustManager[] trustAllCerts = new TrustManager[] {
             new X509TrustManager() {
                 @Override
@@ -62,9 +62,9 @@ public class PkiWithoutClientAuthenticationTests extends ShieldIntegTestCase {
         return Settings.builder()
                 .put(super.nodeSettings(nodeOrdinal))
                 .put(NetworkModule.HTTP_ENABLED.getKey(), true)
-                .put(ShieldNettyTransport.CLIENT_AUTH_SETTING.getKey(), false)
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(),
+                .put(SecurityNettyTransport.CLIENT_AUTH_SETTING.getKey(), false)
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(),
                         randomFrom(SSLClientAuth.NO.name(), false, "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT)))
                 .put("xpack.security.authc.realms.pki1.type", "pki")
                 .put("xpack.security.authc.realms.pki1.order", "0")
@@ -88,8 +88,8 @@ public class PkiWithoutClientAuthenticationTests extends ShieldIntegTestCase {
                     .method("GET")
                     .path("/_nodes");
             requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
-                    UsernamePasswordToken.basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME,
-                            new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())));
+                    UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
+                            new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
             HttpResponse response = requestBuilder.execute();
             assertThat(response.getStatusCode(), is(200));
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java
similarity index 81%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java
index fcfc3cccdb0..2902b87d2fc 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.pki;
+package org.elasticsearch.xpack.security.authc.pki;
 
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
@@ -11,18 +11,18 @@ import org.elasticsearch.client.Client;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 
 import static org.hamcrest.Matchers.is;
 
 @ClusterScope(numClientNodes = 0, supportsDedicatedMasters = false, numDataNodes = 1)
-public class PkiWithoutSSLTests extends ShieldIntegTestCase {
+public class PkiWithoutSSLTests extends SecurityIntegTestCase {
     @Override
     public boolean sslTransportEnabled() {
         return false;
@@ -51,8 +51,8 @@ public class PkiWithoutSSLTests extends ShieldIntegTestCase {
                     .method("GET")
                     .path("/_nodes");
             requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
-                    UsernamePasswordToken.basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME,
-                            new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())));
+                    UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
+                            new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
             HttpResponse response = requestBuilder.execute();
             assertThat(response.getStatusCode(), is(200));
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/BCryptTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/BCryptTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/BCryptTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/BCryptTests.java
index 4a397f7f31a..58d7fd95d19 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/BCryptTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/BCryptTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.test.ESTestCase;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealmTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealmTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealmTests.java
index e976369a8a2..09b1e12852b 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealmTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealmTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.authc.Realm;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.Realm;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/DnRoleMapperTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/DnRoleMapperTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java
index 2ae0276059b..6d95614ade5 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/DnRoleMapperTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java
@@ -3,15 +3,15 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import com.unboundid.ldap.sdk.DN;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.audit.logfile.CapturingLogger;
-import org.elasticsearch.shield.authc.RealmConfig;
-import org.elasticsearch.shield.authc.activedirectory.ActiveDirectoryRealm;
-import org.elasticsearch.shield.authc.ldap.LdapRealm;
+import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectoryRealm;
+import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -107,7 +107,7 @@ public class DnRoleMapperTests extends ESTestCase {
         Set<String> roles = mapper.resolveRoles("", Collections.singletonList("cn=shield,ou=marvel,o=superheros"));
         assertThat(roles, notNullValue());
         assertThat(roles.size(), is(1));
-        assertThat(roles, contains("shield"));
+        assertThat(roles, contains("security"));
 
         watcherService.start();
 
@@ -146,7 +146,7 @@ public class DnRoleMapperTests extends ESTestCase {
         Set<String> roles = mapper.resolveRoles("", Collections.singletonList("cn=shield,ou=marvel,o=superheros"));
         assertThat(roles, notNullValue());
         assertThat(roles.size(), is(1));
-        assertThat(roles, contains("shield"));
+        assertThat(roles, contains("security"));
 
         watcherService.start();
 
@@ -172,14 +172,14 @@ public class DnRoleMapperTests extends ESTestCase {
         Set<String> roles = mappings.get(dn);
         assertThat(roles, notNullValue());
         assertThat(roles, hasSize(2));
-        assertThat(roles, containsInAnyOrder("shield", "avenger"));
+        assertThat(roles, containsInAnyOrder("security", "avenger"));
 
         dn = new DN("cn=shield,ou=marvel,o=superheros");
         assertThat(mappings, hasKey(dn));
         roles = mappings.get(dn);
         assertThat(roles, notNullValue());
         assertThat(roles, hasSize(1));
-        assertThat(roles, contains("shield"));
+        assertThat(roles, contains("security"));
 
         dn = new DN("cn=Horatio Hornblower,ou=people,o=sevenSeas");
         assertThat(mappings, hasKey(dn));
@@ -246,7 +246,7 @@ public class DnRoleMapperTests extends ESTestCase {
         Set<String> roles = mapper.resolveRoles("", Arrays.asList(STARK_GROUP_DNS));
 
         //verify
-        assertThat(roles, hasItems("shield", "avenger"));
+        assertThat(roles, hasItems("security", "avenger"));
     }
 
     public void testRelativeDN() {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/HasherTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/HasherTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/HasherTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/HasherTests.java
index d914a6bd4ab..54c3e4d811e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/HasherTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/HasherTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.test.ESTestCase;
 
@@ -54,7 +54,7 @@ public class HasherTests extends ESTestCase {
         assertThat(Hasher.resolve("clear_text"), sameInstance(Hasher.NOOP));
         try {
             Hasher.resolve("unknown_hasher");
-            fail("expected a shield setting error when trying to resolve an unknown hasher");
+            fail("expected a settings error when trying to resolve an unknown hasher");
         } catch (IllegalArgumentException e) {
             // expected
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/SecuredStringTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/SecuredStringTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/SecuredStringTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/SecuredStringTests.java
index e1d3c51ff34..e0e643ffdc2 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/SecuredStringTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/SecuredStringTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.test.ESTestCase;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealmTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealmTests.java
index 74e088fa589..01b88d21d33 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealmTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.test.ESTestCase;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordTokenTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordTokenTests.java
index c8ea49237d3..ad3a5a664ed 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordTokenTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authc.support;
+package org.elasticsearch.xpack.security.authc.support;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.settings.Settings;
@@ -15,7 +15,7 @@ import org.junit.rules.ExpectedException;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.not;
 import static org.hamcrest.Matchers.notNullValue;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AnalyzeTests.java
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AnalyzeTests.java
index f9e46480c22..986fa94299f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AnalyzeTests.java
@@ -3,21 +3,21 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.ElasticsearchSecurityException;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 
 import java.util.Collections;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException;
 import static org.hamcrest.CoreMatchers.containsString;
 
-public class AnalyzeTests extends ShieldIntegTestCase {
+public class AnalyzeTests extends SecurityIntegTestCase {
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("test123".toCharArray())));
 
     @Override
diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/shield/authz/AuthorizationUtilsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationUtilsTests.java
similarity index 89%
rename from elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/shield/authz/AuthorizationUtilsTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationUtilsTests.java
index cdff7aa1e87..540af489890 100644
--- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/shield/authz/AuthorizationUtilsTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationUtilsTests.java
@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authc.Authentication.RealmRef;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/IndexAliasesTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/IndexAliasesTests.java
index 14564560d53..78ac5a3d017 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/IndexAliasesTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.admin.indices.alias.Alias;
@@ -12,23 +12,23 @@ import org.elasticsearch.action.admin.indices.alias.get.GetAliasesResponse;
 import org.elasticsearch.action.support.IndicesOptions;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.index.IndexNotFoundException;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.junit.Before;
 
 import java.util.Collections;
 import java.util.Map;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 
-public class IndexAliasesTests extends ShieldIntegTestCase {
+public class IndexAliasesTests extends SecurityIntegTestCase {
 
     protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("test123".toCharArray())));
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java
similarity index 89%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java
index b242a89f710..60a673249b2 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.Version;
@@ -55,21 +55,21 @@ import org.elasticsearch.common.collect.Tuple;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.search.action.SearchTransportService;
-import org.elasticsearch.shield.ShieldTemplateService;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authc.Authentication.RealmRef;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.user.XPackUser;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.authz.permission.SuperuserRole;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.GeneralPrivilege;
-import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
-import org.elasticsearch.shield.authz.store.RolesStore;
+import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.user.XPackUser;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
+import org.elasticsearch.xpack.security.authz.store.RolesStore;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportRequest;
@@ -79,8 +79,8 @@ import org.junit.Before;
 import java.util.ArrayList;
 import java.util.List;
 
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
@@ -505,7 +505,7 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
         verifyNoMoreInteractions(auditTrail);
     }
 
-    public void testNonXPackUserCannotExecuteOperationAgainstShieldIndex() {
+    public void testNonXPackUserCannotExecuteOperationAgainstSecurityIndex() {
         User user = new User("all_access_user", "all_access");
         when(rolesStore.role("all_access")).thenReturn(Role.builder("all_access")
                 .add(IndexPrivilege.ALL, "*")
@@ -514,23 +514,25 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
         ClusterState state = mock(ClusterState.class);
         when(clusterService.state()).thenReturn(state);
         when(state.metaData()).thenReturn(MetaData.builder()
-                .put(new IndexMetaData.Builder(ShieldTemplateService.SECURITY_INDEX_NAME)
+                .put(new IndexMetaData.Builder(SecurityTemplateService.SECURITY_INDEX_NAME)
                         .settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
                         .numberOfShards(1).numberOfReplicas(0).build(), true)
                 .build());
 
         List<Tuple<String, TransportRequest>> requests = new ArrayList<>();
-        requests.add(new Tuple<>(DeleteAction.NAME, new DeleteRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(UpdateAction.NAME, new UpdateRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(IndexAction.NAME, new IndexRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(ShieldTemplateService.SECURITY_INDEX_NAME)));
-        requests.add(new Tuple<>(TermVectorsAction.NAME, new TermVectorsRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(GetAction.NAME, new GetRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(TermVectorsAction.NAME, new TermVectorsRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest().addAlias("shield_alias",
-                ShieldTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(DeleteAction.NAME, new DeleteRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(UpdateAction.NAME, new UpdateRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(IndexAction.NAME, new IndexRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(SecurityTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(TermVectorsAction.NAME,
+                new TermVectorsRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(GetAction.NAME, new GetRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(TermVectorsAction.NAME,
+                new TermVectorsRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest().addAlias("security_alias",
+                SecurityTemplateService.SECURITY_INDEX_NAME)));
         requests.add(
-                new Tuple<>(UpdateSettingsAction.NAME, new UpdateSettingsRequest().indices(ShieldTemplateService.SECURITY_INDEX_NAME)));
+                new Tuple<>(UpdateSettingsAction.NAME, new UpdateSettingsRequest().indices(SecurityTemplateService.SECURITY_INDEX_NAME)));
 
         for (Tuple<String, TransportRequest> requestTuple : requests) {
             String action = requestTuple.v1();
@@ -546,12 +548,12 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
         }
 
         // we should allow waiting for the health of the index or any index if the user has this permission
-        ClusterHealthRequest request = new ClusterHealthRequest(ShieldTemplateService.SECURITY_INDEX_NAME);
+        ClusterHealthRequest request = new ClusterHealthRequest(SecurityTemplateService.SECURITY_INDEX_NAME);
         internalAuthorizationService.authorize(createAuthentication(user), ClusterHealthAction.NAME, request);
         verify(auditTrail).accessGranted(user, ClusterHealthAction.NAME, request);
 
         // multiple indices
-        request = new ClusterHealthRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "foo", "bar");
+        request = new ClusterHealthRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "foo", "bar");
         internalAuthorizationService.authorize(createAuthentication(user), ClusterHealthAction.NAME, request);
         verify(auditTrail).accessGranted(user, ClusterHealthAction.NAME, request);
     }
@@ -565,20 +567,21 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
         ClusterState state = mock(ClusterState.class);
         when(clusterService.state()).thenReturn(state);
         when(state.metaData()).thenReturn(MetaData.builder()
-                .put(new IndexMetaData.Builder(ShieldTemplateService.SECURITY_INDEX_NAME)
+                .put(new IndexMetaData.Builder(SecurityTemplateService.SECURITY_INDEX_NAME)
                         .settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
                         .numberOfShards(1).numberOfReplicas(0).build(), true)
                 .build());
 
         List<Tuple<String, ? extends TransportRequest>> requests = new ArrayList<>();
-        requests.add(new Tuple<>(IndicesStatsAction.NAME, new IndicesStatsRequest().indices(ShieldTemplateService.SECURITY_INDEX_NAME)));
-        requests.add(new Tuple<>(RecoveryAction.NAME, new RecoveryRequest().indices(ShieldTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(IndicesStatsAction.NAME, new IndicesStatsRequest().indices(SecurityTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(RecoveryAction.NAME, new RecoveryRequest().indices(SecurityTemplateService.SECURITY_INDEX_NAME)));
         requests.add(new Tuple<>(IndicesSegmentsAction.NAME,
-                new IndicesSegmentsRequest().indices(ShieldTemplateService.SECURITY_INDEX_NAME)));
-        requests.add(new Tuple<>(GetSettingsAction.NAME, new GetSettingsRequest().indices(ShieldTemplateService.SECURITY_INDEX_NAME)));
+                new IndicesSegmentsRequest().indices(SecurityTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(GetSettingsAction.NAME, new GetSettingsRequest().indices(SecurityTemplateService.SECURITY_INDEX_NAME)));
         requests.add(new Tuple<>(IndicesShardStoresAction.NAME,
-                new IndicesShardStoresRequest().indices(ShieldTemplateService.SECURITY_INDEX_NAME)));
-        requests.add(new Tuple<>(UpgradeStatusAction.NAME, new UpgradeStatusRequest().indices(ShieldTemplateService.SECURITY_INDEX_NAME)));
+                new IndicesShardStoresRequest().indices(SecurityTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(UpgradeStatusAction.NAME,
+                new UpgradeStatusRequest().indices(SecurityTemplateService.SECURITY_INDEX_NAME)));
 
         for (Tuple<String, ? extends TransportRequest> requestTuple : requests) {
             String action = requestTuple.v1();
@@ -588,29 +591,31 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
         }
     }
 
-    public void testXPackUserCanExecuteOperationAgainstShieldIndex() {
+    public void testXPackUserCanExecuteOperationAgainstSecurityIndex() {
         when(rolesStore.role(SuperuserRole.NAME)).thenReturn(Role.builder(SuperuserRole.DESCRIPTOR).build());
         ClusterState state = mock(ClusterState.class);
         when(clusterService.state()).thenReturn(state);
         when(state.metaData()).thenReturn(MetaData.builder()
-                .put(new IndexMetaData.Builder(ShieldTemplateService.SECURITY_INDEX_NAME)
+                .put(new IndexMetaData.Builder(SecurityTemplateService.SECURITY_INDEX_NAME)
                         .settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
                         .numberOfShards(1).numberOfReplicas(0).build(), true)
                 .build());
 
         List<Tuple<String, TransportRequest>> requests = new ArrayList<>();
-        requests.add(new Tuple<>(DeleteAction.NAME, new DeleteRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(UpdateAction.NAME, new UpdateRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(IndexAction.NAME, new IndexRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(ShieldTemplateService.SECURITY_INDEX_NAME)));
-        requests.add(new Tuple<>(TermVectorsAction.NAME, new TermVectorsRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(GetAction.NAME, new GetRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(TermVectorsAction.NAME, new TermVectorsRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "type", "id")));
-        requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest().addAlias("shield_alias",
-                ShieldTemplateService.SECURITY_INDEX_NAME)));
-        requests.add(new Tuple<>(ClusterHealthAction.NAME, new ClusterHealthRequest(ShieldTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(DeleteAction.NAME, new DeleteRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(UpdateAction.NAME, new UpdateRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(IndexAction.NAME, new IndexRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(SecurityTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(TermVectorsAction.NAME,
+                new TermVectorsRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(GetAction.NAME, new GetRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(TermVectorsAction.NAME,
+                new TermVectorsRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
+        requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest().addAlias("security_alias",
+                SecurityTemplateService.SECURITY_INDEX_NAME)));
+        requests.add(new Tuple<>(ClusterHealthAction.NAME, new ClusterHealthRequest(SecurityTemplateService.SECURITY_INDEX_NAME)));
         requests.add(new Tuple<>(ClusterHealthAction.NAME,
-                new ClusterHealthRequest(ShieldTemplateService.SECURITY_INDEX_NAME, "foo", "bar")));
+                new ClusterHealthRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "foo", "bar")));
 
         for (Tuple<String, TransportRequest> requestTuple : requests) {
             String action = requestTuple.v1();
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/RoleDescriptorTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/RoleDescriptorTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java
index d7e157e3fe9..2022514b8e2 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/RoleDescriptorTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz;
+package org.elasticsearch.xpack.security.authz;
 
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.bytes.BytesArray;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/DocumentSubsetReaderTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/DocumentSubsetReaderTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/DocumentSubsetReaderTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/DocumentSubsetReaderTests.java
index 34451dfbc89..cc8a4b2156c 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/DocumentSubsetReaderTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/DocumentSubsetReaderTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.analysis.standard.StandardAnalyzer;
 import org.apache.lucene.document.Document;
@@ -180,7 +180,7 @@ public class DocumentSubsetReaderTests extends ESTestCase {
             DocumentSubsetReader.wrap(directoryReader, bitsetFilterCache, new MatchAllDocsQuery());
             fail("shouldn't be able to wrap DocumentSubsetDirectoryReader twice");
         } catch (IllegalArgumentException e) {
-            assertThat(e.getMessage(), equalTo("Can't wrap [class org.elasticsearch.shield.authz.accesscontrol" +
+            assertThat(e.getMessage(), equalTo("Can't wrap [class org.elasticsearch.xpack.security.authz.accesscontrol" +
                     ".DocumentSubsetReader$DocumentSubsetDirectoryReader] twice"));
         }
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/FieldDataCacheWithFieldSubsetReaderTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldDataCacheWithFieldSubsetReaderTests.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/FieldDataCacheWithFieldSubsetReaderTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldDataCacheWithFieldSubsetReaderTests.java
index 000b967979c..7ed7130950d 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/FieldDataCacheWithFieldSubsetReaderTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldDataCacheWithFieldSubsetReaderTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.document.Document;
 import org.apache.lucene.document.Field;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/FieldSubsetReaderTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldSubsetReaderTests.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/FieldSubsetReaderTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldSubsetReaderTests.java
index 88c8c124f50..58a015abc26 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/FieldSubsetReaderTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/FieldSubsetReaderTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.analysis.MockAnalyzer;
 import org.apache.lucene.document.BinaryDocValuesField;
@@ -893,7 +893,7 @@ public class FieldSubsetReaderTests extends ESTestCase {
             FieldSubsetReader.wrap(directoryReader, Collections.emptySet());
             fail("shouldn't be able to wrap FieldSubsetDirectoryReader twice");
         } catch (IllegalArgumentException e) {
-            assertThat(e.getMessage(), equalTo("Can't wrap [class org.elasticsearch.shield.authz.accesscontrol" +
+            assertThat(e.getMessage(), equalTo("Can't wrap [class org.elasticsearch.xpack.security.authz.accesscontrol" +
                     ".FieldSubsetReader$FieldSubsetDirectoryReader] twice"));
         }
         directoryReader.close();
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControlTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesAccessControlTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControlTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesAccessControlTests.java
index cd711595765..fd59933d456 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControlTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesAccessControlTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl.IndexAccessControl;
+import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl.IndexAccessControl;
 
 import java.util.Collections;
 import java.util.Set;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/IndicesPermissionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesPermissionTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/IndicesPermissionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesPermissionTests.java
index bdecc86d919..9c04e3f5d5c 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/IndicesPermissionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesPermissionTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.action.search.SearchAction;
@@ -14,8 +14,8 @@ import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.set.Sets;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
 import org.elasticsearch.test.ESTestCase;
 
 import java.util.Arrays;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperIntegrationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapperIntegrationTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperIntegrationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapperIntegrationTests.java
index c65b4a2c0a6..7aad4e153ae 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperIntegrationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapperIntegrationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.analysis.standard.StandardAnalyzer;
 import org.apache.lucene.document.Document;
@@ -34,7 +34,7 @@ import org.elasticsearch.index.query.QueryParseContext;
 import org.elasticsearch.index.query.QueryShardContext;
 import org.elasticsearch.index.query.TermQueryBuilder;
 import org.elasticsearch.index.shard.ShardId;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.IndexSettingsModule;
 
@@ -50,7 +50,7 @@ import static org.mockito.Matchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
-public class ShieldIndexSearcherWrapperIntegrationTests extends ESTestCase {
+public class SecurityIndexSearcherWrapperIntegrationTests extends ESTestCase {
 
     public void testDLS() throws Exception {
         ShardId shardId = new ShardId("_index", "_na_", 0);
@@ -78,7 +78,7 @@ public class ShieldIndexSearcherWrapperIntegrationTests extends ESTestCase {
         });
         SecurityLicenseState licenseState = mock(SecurityLicenseState.class);
         when(licenseState.documentAndFieldLevelSecurityEnabled()).thenReturn(true);
-        ShieldIndexSearcherWrapper wrapper = new ShieldIndexSearcherWrapper(indexSettings, queryShardContext, mapperService,
+        SecurityIndexSearcherWrapper wrapper = new SecurityIndexSearcherWrapper(indexSettings, queryShardContext, mapperService,
                 bitsetFilterCache, threadContext, licenseState) {
 
             @Override
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperUnitTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapperUnitTests.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperUnitTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapperUnitTests.java
index 50954e7b324..705dcbe9d5f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperUnitTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapperUnitTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.accesscontrol;
+package org.elasticsearch.xpack.security.authz.accesscontrol;
 
 import org.apache.lucene.analysis.standard.StandardAnalyzer;
 import org.apache.lucene.document.Document;
@@ -52,8 +52,8 @@ import org.elasticsearch.index.shard.ShardId;
 import org.elasticsearch.index.similarity.SimilarityService;
 import org.elasticsearch.indices.IndicesModule;
 import org.elasticsearch.search.aggregations.LeafBucketCollector;
-import org.elasticsearch.shield.authz.accesscontrol.DocumentSubsetReader.DocumentSubsetDirectoryReader;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.authz.accesscontrol.DocumentSubsetReader.DocumentSubsetDirectoryReader;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.IndexSettingsModule;
 import org.junit.After;
@@ -68,7 +68,7 @@ import static java.util.Collections.emptySet;
 import static java.util.Collections.singleton;
 import static java.util.Collections.singletonMap;
 import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
-import static org.elasticsearch.shield.authz.accesscontrol.ShieldIndexSearcherWrapper.intersectScorerAndRoleBits;
+import static org.elasticsearch.xpack.security.authz.accesscontrol.SecurityIndexSearcherWrapper.intersectScorerAndRoleBits;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.is;
@@ -77,11 +77,11 @@ import static org.hamcrest.Matchers.sameInstance;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
-public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
+public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase {
 
     private ThreadContext threadContext;
     private MapperService mapperService;
-    private ShieldIndexSearcherWrapper shieldIndexSearcherWrapper;
+    private SecurityIndexSearcherWrapper securityIndexSearcherWrapper;
     private ElasticsearchDirectoryReader esIn;
     private SecurityLicenseState licenseState;
     private IndexSettings indexSettings;
@@ -123,7 +123,8 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
                 .endObject().endObject();
         mapperService.merge("type", new CompressedXContent(mappingSource.string()), MapperService.MergeReason.MAPPING_UPDATE, false);
 
-        shieldIndexSearcherWrapper = new ShieldIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState) {
+        securityIndexSearcherWrapper =
+                new SecurityIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState) {
             @Override
             protected IndicesAccessControl getIndicesAccessControl() {
                 IndicesAccessControl.IndexAccessControl indexAccessControl = new IndicesAccessControl.IndexAccessControl(true,
@@ -133,7 +134,7 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
         };
 
         FieldSubsetReader.FieldSubsetDirectoryReader result =
-                (FieldSubsetReader.FieldSubsetDirectoryReader) shieldIndexSearcherWrapper.wrap(esIn);
+                (FieldSubsetReader.FieldSubsetDirectoryReader) securityIndexSearcherWrapper.wrap(esIn);
         assertThat(result.getFieldNames().size(), equalTo(12));
         assertThat(result.getFieldNames().contains("_uid"), is(true));
         assertThat(result.getFieldNames().contains("_id"), is(true));
@@ -153,15 +154,17 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
 
     public void testWrapReaderWhenFeatureDisabled() throws Exception {
         when(licenseState.documentAndFieldLevelSecurityEnabled()).thenReturn(false);
-        shieldIndexSearcherWrapper = new ShieldIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState);
-        DirectoryReader reader = shieldIndexSearcherWrapper.wrap(esIn);
+        securityIndexSearcherWrapper =
+                new SecurityIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState);
+        DirectoryReader reader = securityIndexSearcherWrapper.wrap(esIn);
         assertThat(reader, sameInstance(esIn));
     }
 
     public void testWrapSearcherWhenFeatureDisabled() throws Exception {
-        shieldIndexSearcherWrapper = new ShieldIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState);
+        securityIndexSearcherWrapper =
+                new SecurityIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState);
         IndexSearcher indexSearcher = new IndexSearcher(esIn);
-        IndexSearcher result = shieldIndexSearcherWrapper.wrap(indexSearcher);
+        IndexSearcher result = securityIndexSearcherWrapper.wrap(indexSearcher);
         assertThat(result, sameInstance(indexSearcher));
     }
 
@@ -270,15 +273,17 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
         });
         DirectoryReader directoryReader = DocumentSubsetReader.wrap(esIn, bitsetFilterCache, new MatchAllDocsQuery());
         IndexSearcher indexSearcher = new IndexSearcher(directoryReader);
-        shieldIndexSearcherWrapper = new ShieldIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState);
-        IndexSearcher result = shieldIndexSearcherWrapper.wrap(indexSearcher);
+        securityIndexSearcherWrapper =
+                new SecurityIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState);
+        IndexSearcher result = securityIndexSearcherWrapper.wrap(indexSearcher);
         assertThat(result, not(sameInstance(indexSearcher)));
         assertThat(result.getSimilarity(true), sameInstance(indexSearcher.getSimilarity(true)));
         bitsetFilterCache.close();
     }
 
     public void testIntersectScorerAndRoleBits() throws Exception {
-        shieldIndexSearcherWrapper = new ShieldIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState);
+        securityIndexSearcherWrapper =
+                new SecurityIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState);
         final Directory directory = newDirectory();
         IndexWriter iw = new IndexWriter(
                 directory,
@@ -366,7 +371,8 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
     }
 
     private void assertResolvedFields(String expression, String... expectedFields) {
-        shieldIndexSearcherWrapper = new ShieldIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState) {
+        securityIndexSearcherWrapper =
+                new SecurityIndexSearcherWrapper(indexSettings, null, mapperService, null, threadContext, licenseState) {
             @Override
             protected IndicesAccessControl getIndicesAccessControl() {
                 IndicesAccessControl.IndexAccessControl indexAccessControl = new IndicesAccessControl.IndexAccessControl(true,
@@ -375,9 +381,9 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
             }
         };
         FieldSubsetReader.FieldSubsetDirectoryReader result =
-                (FieldSubsetReader.FieldSubsetDirectoryReader) shieldIndexSearcherWrapper.wrap(esIn);
+                (FieldSubsetReader.FieldSubsetDirectoryReader) securityIndexSearcherWrapper.wrap(esIn);
 
-        assertThat(result.getFieldNames().size() - shieldIndexSearcherWrapper.getAllowedMetaFields().size(),
+        assertThat(result.getFieldNames().size() - securityIndexSearcherWrapper.getAllowedMetaFields().size(),
                 equalTo(expectedFields.length));
         for (String expectedField : expectedFields) {
             assertThat(result.getFieldNames().contains(expectedField), is(true));
@@ -531,7 +537,7 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
         }
 
         DocumentSubsetDirectoryReader filteredReader = DocumentSubsetReader.wrap(reader, cache, roleQuery);
-        IndexSearcher searcher = new ShieldIndexSearcherWrapper.IndexSearcherWrapper(filteredReader);
+        IndexSearcher searcher = new SecurityIndexSearcherWrapper.IndexSearcherWrapper(filteredReader);
 
         // Searching a non-existing term will trigger a null scorer
         assertEquals(0, searcher.count(new TermQuery(new Term("non_existing_field", "non_existing_value"))));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolverTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolverTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java
index 62680cce34f..82df1025e0c 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolverTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.indicesresolver;
+package org.elasticsearch.xpack.security.authz.indicesresolver;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.action.admin.indices.alias.IndicesAliasesAction;
@@ -29,17 +29,17 @@ import org.elasticsearch.cluster.metadata.IndexMetaData;
 import org.elasticsearch.cluster.metadata.MetaData;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.IndexNotFoundException;
-import org.elasticsearch.shield.ShieldTemplateService;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.user.XPackUser;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.authz.permission.SuperuserRole;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
-import org.elasticsearch.shield.authz.store.RolesStore;
+import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.user.XPackUser;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
+import org.elasticsearch.xpack.security.authz.store.RolesStore;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.junit.Before;
@@ -86,7 +86,7 @@ public class DefaultIndicesResolverTests extends ESTestCase {
                 .put(indexBuilder("bar-closed").state(IndexMetaData.State.CLOSE).settings(settings))
                 .put(indexBuilder("bar2").settings(settings))
                 .put(indexBuilder(indexNameExpressionResolver.resolveDateMathExpression("<datetime-{now/M}>")).settings(settings))
-                .put(indexBuilder(ShieldTemplateService.SECURITY_INDEX_NAME).settings(settings));
+                .put(indexBuilder(SecurityTemplateService.SECURITY_INDEX_NAME).settings(settings));
         metaData = mdBuilder.build();
 
         user = new User("user", "role");
@@ -822,12 +822,12 @@ public class DefaultIndicesResolverTests extends ESTestCase {
     public void testXPackUserHasAccessToSecurityIndex() {
         SearchRequest request = new SearchRequest();
         Set<String> indices = defaultIndicesResolver.resolve(XPackUser.INSTANCE, SearchAction.NAME, request, metaData);
-        assertThat(indices, hasItem(ShieldTemplateService.SECURITY_INDEX_NAME));
+        assertThat(indices, hasItem(SecurityTemplateService.SECURITY_INDEX_NAME));
 
         IndicesAliasesRequest aliasesRequest = new IndicesAliasesRequest();
-        aliasesRequest.addAlias("shield_alias", "*");
+        aliasesRequest.addAlias("security_alias", "*");
         indices = defaultIndicesResolver.resolve(XPackUser.INSTANCE, IndicesAliasesAction.NAME, aliasesRequest, metaData);
-        assertThat(indices, hasItem(ShieldTemplateService.SECURITY_INDEX_NAME));
+        assertThat(indices, hasItem(SecurityTemplateService.SECURITY_INDEX_NAME));
     }
 
     public void testNonXPackUserAccessingSecurityIndex() {
@@ -837,12 +837,12 @@ public class DefaultIndicesResolverTests extends ESTestCase {
 
         SearchRequest request = new SearchRequest();
         Set<String> indices = defaultIndicesResolver.resolve(allAccessUser, SearchAction.NAME, request, metaData);
-        assertThat(indices, not(hasItem(ShieldTemplateService.SECURITY_INDEX_NAME)));
+        assertThat(indices, not(hasItem(SecurityTemplateService.SECURITY_INDEX_NAME)));
 
         IndicesAliasesRequest aliasesRequest = new IndicesAliasesRequest();
-        aliasesRequest.addAlias("shield_alias1", "*");
+        aliasesRequest.addAlias("security_alias1", "*");
         indices = defaultIndicesResolver.resolve(allAccessUser, IndicesAliasesAction.NAME, aliasesRequest, metaData);
-        assertThat(indices, not(hasItem(ShieldTemplateService.SECURITY_INDEX_NAME)));
+        assertThat(indices, not(hasItem(SecurityTemplateService.SECURITY_INDEX_NAME)));
     }
 
     public void testResolvingDateExpression() {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/IndicesAndAliasesResolverIntegrationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/IndicesAndAliasesResolverIntegrationTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/IndicesAndAliasesResolverIntegrationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/IndicesAndAliasesResolverIntegrationTests.java
index c2de6613531..43326bfc33a 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/IndicesAndAliasesResolverIntegrationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/IndicesAndAliasesResolverIntegrationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.indicesresolver;
+package org.elasticsearch.xpack.security.authz.indicesresolver;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionRequestBuilder;
@@ -14,22 +14,22 @@ import org.elasticsearch.action.support.IndicesOptions;
 import org.elasticsearch.client.Requests;
 import org.elasticsearch.index.IndexNotFoundException;
 import org.elasticsearch.search.SearchHit;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 
 import java.util.ArrayList;
 import java.util.List;
 
-import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
+import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasItems;
 import static org.hamcrest.Matchers.is;
 
-public class IndicesAndAliasesResolverIntegrationTests extends ShieldIntegTestCase {
+public class IndicesAndAliasesResolverIntegrationTests extends SecurityIntegTestCase {
     @Override
     protected String configRoles() {
-        return ShieldSettingsSource.DEFAULT_ROLE + ":\n" +
+        return SecuritySettingsSource.DEFAULT_ROLE + ":\n" +
                 "  cluster: [ ALL ]\n" +
                 "  indices:\n" +
                 "    - names: '*'\n" +
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/DefaultRoleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/DefaultRoleTests.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/DefaultRoleTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/DefaultRoleTests.java
index fad804c08aa..1261a3c49c8 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/DefaultRoleTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/DefaultRoleTests.java
@@ -3,31 +3,31 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction;
 import org.elasticsearch.action.admin.cluster.state.ClusterStateAction;
 import org.elasticsearch.action.admin.cluster.stats.ClusterStatsAction;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.license.plugin.action.get.GetLicenseAction;
-import org.elasticsearch.shield.action.user.AuthenticateRequestBuilder;
-import org.elasticsearch.shield.action.user.ChangePasswordRequestBuilder;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authc.Authentication.RealmRef;
-import org.elasticsearch.shield.authc.activedirectory.ActiveDirectoryRealm;
-import org.elasticsearch.shield.authc.esnative.NativeRealm;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.authc.ldap.LdapRealm;
-import org.elasticsearch.shield.authc.pki.PkiRealm;
-import org.elasticsearch.shield.user.User;
-import org.elasticsearch.shield.action.user.AuthenticateAction;
-import org.elasticsearch.shield.action.user.AuthenticateRequest;
-import org.elasticsearch.shield.action.user.ChangePasswordAction;
-import org.elasticsearch.shield.action.user.ChangePasswordRequest;
-import org.elasticsearch.shield.action.user.DeleteUserAction;
-import org.elasticsearch.shield.action.user.PutUserAction;
-import org.elasticsearch.shield.action.user.UserRequest;
+import org.elasticsearch.xpack.security.action.user.AuthenticateRequestBuilder;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordRequestBuilder;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
+import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectoryRealm;
+import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
+import org.elasticsearch.xpack.security.authc.pki.PkiRealm;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
+import org.elasticsearch.xpack.security.action.user.AuthenticateRequest;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordAction;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordRequest;
+import org.elasticsearch.xpack.security.action.user.DeleteUserAction;
+import org.elasticsearch.xpack.security.action.user.PutUserAction;
+import org.elasticsearch.xpack.security.action.user.UserRequest;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.TransportRequest;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/KibanaRoleTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/KibanaRoleTests.java
index f199c3008b7..30b8b0b62a8 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/KibanaRoleTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction;
 import org.elasticsearch.action.admin.cluster.reroute.ClusterRerouteAction;
@@ -17,7 +17,7 @@ import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateActio
 import org.elasticsearch.action.delete.DeleteAction;
 import org.elasticsearch.action.index.IndexAction;
 import org.elasticsearch.marvel.action.MonitoringBulkAction;
-import org.elasticsearch.shield.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.Authentication;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.TransportRequest;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaUserRoleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/KibanaUserRoleTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaUserRoleTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/KibanaUserRoleTests.java
index 89021551d05..994ebbbf723 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaUserRoleTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/KibanaUserRoleTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction;
 import org.elasticsearch.action.admin.cluster.reroute.ClusterRerouteAction;
@@ -19,7 +19,7 @@ import org.elasticsearch.action.index.IndexAction;
 import org.elasticsearch.action.search.MultiSearchAction;
 import org.elasticsearch.action.search.SearchAction;
 import org.elasticsearch.marvel.action.MonitoringBulkAction;
-import org.elasticsearch.shield.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.Authentication;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.TransportRequest;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/PermissionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/PermissionTests.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/PermissionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/PermissionTests.java
index b3ae5bb80df..4a53b30854c 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/PermissionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/PermissionTests.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.action.get.GetAction;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.GeneralPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
@@ -16,9 +16,9 @@ import java.util.Collections;
 import java.util.Iterator;
 import java.util.function.Predicate;
 
-import static org.elasticsearch.shield.authz.privilege.IndexPrivilege.MONITOR;
-import static org.elasticsearch.shield.authz.privilege.IndexPrivilege.READ;
-import static org.elasticsearch.shield.authz.privilege.IndexPrivilege.union;
+import static org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege.MONITOR;
+import static org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege.READ;
+import static org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege.union;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/SuperuserRoleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/SuperuserRoleTests.java
similarity index 92%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/SuperuserRoleTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/SuperuserRoleTests.java
index cd47c9e1bee..cabd1c68ec8 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/SuperuserRoleTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/SuperuserRoleTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.permission;
+package org.elasticsearch.xpack.security.authz.permission;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction;
@@ -18,11 +18,11 @@ import org.elasticsearch.cluster.metadata.IndexMetaData;
 import org.elasticsearch.cluster.metadata.MetaData;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.set.Sets;
-import org.elasticsearch.shield.action.role.PutRoleAction;
-import org.elasticsearch.shield.action.user.PutUserAction;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl.IndexAccessControl;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.action.role.PutRoleAction;
+import org.elasticsearch.xpack.security.action.user.PutUserAction;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl.IndexAccessControl;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.TransportRequest;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/privilege/PrivilegeTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/privilege/PrivilegeTests.java
index 65f5a4e796f..176e522eb7f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/privilege/PrivilegeTests.java
@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.privilege;
+package org.elasticsearch.xpack.security.authz.privilege;
 
 import org.elasticsearch.action.ingest.DeletePipelineAction;
 import org.elasticsearch.action.ingest.GetPipelineAction;
 import org.elasticsearch.action.ingest.PutPipelineAction;
 import org.elasticsearch.action.ingest.SimulatePipelineAction;
-import org.elasticsearch.shield.support.AutomatonPredicate;
-import org.elasticsearch.shield.support.Automatons;
+import org.elasticsearch.xpack.security.support.AutomatonPredicate;
+import org.elasticsearch.xpack.security.support.Automatons;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Rule;
 import org.junit.rules.ExpectedException;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java
index 0a0ccfd206c..4df6f1a8566 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java
@@ -3,19 +3,19 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.store;
+package org.elasticsearch.xpack.security.authz.store;
 
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.audit.logfile.CapturingLogger;
-import org.elasticsearch.shield.authc.support.RefreshListener;
-import org.elasticsearch.shield.authz.permission.ClusterPermission;
-import org.elasticsearch.shield.authz.permission.IndicesPermission;
-import org.elasticsearch.shield.authz.permission.Role;
-import org.elasticsearch.shield.authz.permission.RunAsPermission;
-import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
-import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger;
+import org.elasticsearch.xpack.security.authc.support.RefreshListener;
+import org.elasticsearch.xpack.security.authz.permission.ClusterPermission;
+import org.elasticsearch.xpack.security.authz.permission.IndicesPermission;
+import org.elasticsearch.xpack.security.authz.permission.Role;
+import org.elasticsearch.xpack.security.authz.permission.RunAsPermission;
+import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
+import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java
index 7de3c6c32c0..c3b10a84f9a 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java
@@ -3,17 +3,17 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.authz.store;
+package org.elasticsearch.xpack.security.authz.store;
 
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.authz.permission.KibanaRole;
-import org.elasticsearch.shield.authz.permission.KibanaUserRole;
-import org.elasticsearch.shield.authz.permission.SuperuserRole;
-import org.elasticsearch.shield.authz.permission.TransportClientRole;
-import org.elasticsearch.shield.user.ElasticUser;
-import org.elasticsearch.shield.user.KibanaUser;
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.authz.permission.KibanaRole;
+import org.elasticsearch.xpack.security.authz.permission.KibanaUserRole;
+import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
+import org.elasticsearch.xpack.security.authz.permission.TransportClientRole;
+import org.elasticsearch.xpack.security.user.ElasticUser;
+import org.elasticsearch.xpack.security.user.KibanaUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/InternalCryptoServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/crypto/InternalCryptoServiceTests.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/InternalCryptoServiceTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/crypto/InternalCryptoServiceTests.java
index ef6d5cc9404..9a02c4fdb10 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/InternalCryptoServiceTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/crypto/InternalCryptoServiceTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.crypto;
+package org.elasticsearch.xpack.security.crypto;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.io.Streams;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/tool/SystemKeyToolTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/crypto/tool/SystemKeyToolTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/tool/SystemKeyToolTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/crypto/tool/SystemKeyToolTests.java
index 636605c18fd..d8e3f3e7e6b 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/tool/SystemKeyToolTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/crypto/tool/SystemKeyToolTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.crypto.tool;
+package org.elasticsearch.xpack.security.crypto.tool;
 
 import com.google.common.jimfs.Configuration;
 import com.google.common.jimfs.Jimfs;
@@ -11,7 +11,7 @@ import org.apache.lucene.util.IOUtils;
 import org.elasticsearch.cli.Command;
 import org.elasticsearch.cli.CommandTestCase;
 import org.elasticsearch.common.io.PathUtilsForTesting;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
 import org.junit.After;
 
 import java.nio.file.FileSystem;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/rest/ShieldRestFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/rest/ShieldRestFilterTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java
index fac9f00da77..77d445bbbc4 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/rest/ShieldRestFilterTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest;
+package org.elasticsearch.xpack.security.rest;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.settings.Settings;
@@ -12,14 +12,14 @@ import org.elasticsearch.rest.RestChannel;
 import org.elasticsearch.rest.RestController;
 import org.elasticsearch.rest.RestFilterChain;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.junit.Before;
 
-import static org.elasticsearch.shield.support.Exceptions.authenticationError;
+import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
 import static org.hamcrest.Matchers.equalTo;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -29,11 +29,11 @@ import static org.mockito.Mockito.when;
 /**
  *
  */
-public class ShieldRestFilterTests extends ESTestCase {
+public class SecurityRestFilterTests extends ESTestCase {
     private AuthenticationService authcService;
     private RestChannel channel;
     private RestFilterChain chain;
-    private ShieldRestFilter filter;
+    private SecurityRestFilter filter;
     private SecurityLicenseState licenseState;
 
     @Before
@@ -46,7 +46,7 @@ public class ShieldRestFilterTests extends ESTestCase {
         when(licenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
         ThreadPool threadPool = mock(ThreadPool.class);
         when(threadPool.getThreadContext()).thenReturn(new ThreadContext(Settings.EMPTY));
-        filter = new ShieldRestFilter(authcService, restController, Settings.EMPTY, threadPool, licenseState);
+        filter = new SecurityRestFilter(authcService, restController, Settings.EMPTY, threadPool, licenseState);
         verify(restController).registerFilter(filter);
     }
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/rest/action/RestAuthenticateActionTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java
similarity index 73%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/rest/action/RestAuthenticateActionTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java
index 23cdaf239be..52e94e51cae 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/rest/action/RestAuthenticateActionTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java
@@ -3,27 +3,27 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.rest.action;
+package org.elasticsearch.xpack.security.rest.action;
 
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
-import org.elasticsearch.shield.user.AnonymousUser;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.elasticsearch.test.rest.json.JsonPath;
 import org.junit.BeforeClass;
 
 import java.util.List;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 
-public class RestAuthenticateActionTests extends ShieldIntegTestCase {
+public class RestAuthenticateActionTests extends SecurityIntegTestCase {
 
     private static boolean anonymousEnabled;
 
@@ -40,7 +40,7 @@ public class RestAuthenticateActionTests extends ShieldIntegTestCase {
 
         if (anonymousEnabled) {
             builder.put(AnonymousUser.USERNAME_SETTING.getKey(), "anon")
-                   .putArray(AnonymousUser.ROLES_SETTING.getKey(), ShieldSettingsSource.DEFAULT_ROLE, "foo")
+                   .putArray(AnonymousUser.ROLES_SETTING.getKey(), SecuritySettingsSource.DEFAULT_ROLE, "foo")
                    .put(InternalAuthorizationService.ANONYMOUS_AUTHORIZATION_EXCEPTION_SETTING.getKey(), false);
         }
         return builder.build();
@@ -48,16 +48,16 @@ public class RestAuthenticateActionTests extends ShieldIntegTestCase {
 
     public void testAuthenticateApi() throws Exception {
         HttpResponse response = httpClient().method("GET").path("/_xpack/security/_authenticate")
-                .addHeader("Authorization", basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME,
-                        new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray())))
+                .addHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
+                        new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
                 .execute();
 
         assertThat(response.getStatusCode(), is(200));
         JsonPath jsonPath = new JsonPath(response.getBody());
-        assertThat(jsonPath.evaluate("username").toString(), equalTo(ShieldSettingsSource.DEFAULT_USER_NAME));
+        assertThat(jsonPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
         List<String> roles = (List<String>) jsonPath.evaluate("roles");
         assertThat(roles.size(), is(1));
-        assertThat(roles, contains(ShieldSettingsSource.DEFAULT_ROLE));
+        assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
     }
 
     public void testAuthenticateApiWithoutAuthentication() throws Exception {
@@ -70,7 +70,7 @@ public class RestAuthenticateActionTests extends ShieldIntegTestCase {
             assertThat(jsonPath.evaluate("username").toString(), equalTo("anon"));
             List<String> roles = (List<String>) jsonPath.evaluate("roles");
             assertThat(roles.size(), is(2));
-            assertThat(roles, contains(ShieldSettingsSource.DEFAULT_ROLE, "foo"));
+            assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE, "foo"));
         } else {
             assertThat(response.getStatusCode(), is(401));
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/CertUtilsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertUtilsTests.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/CertUtilsTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertUtilsTests.java
index ca6d3e09ae5..e36a0f108af 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/CertUtilsTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertUtilsTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
@@ -63,7 +63,7 @@ public class CertUtilsTests extends ESTestCase {
 
     public void testReadKeysCorrectly() throws Exception {
         // read in keystore version
-        Path keystorePath = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+        Path keystorePath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
         Key key;
         try (InputStream in = Files.newInputStream(keystorePath)) {
             KeyStore keyStore = KeyStore.getInstance("jks");
@@ -74,7 +74,8 @@ public class CertUtilsTests extends ESTestCase {
         assertThat(key, instanceOf(PrivateKey.class));
 
         PrivateKey privateKey;
-        try (Reader reader = Files.newBufferedReader(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem"),
+        try (Reader reader =
+                     Files.newBufferedReader(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"),
                              StandardCharsets.UTF_8)) {
             privateKey = CertUtils.readPrivateKey(reader, "testnode".toCharArray());
         }
@@ -84,7 +85,7 @@ public class CertUtilsTests extends ESTestCase {
 
     public void testReadCertsCorrectly() throws Exception {
         // read in keystore version
-        Path keystorePath = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+        Path keystorePath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
         Certificate certificate;
         try (InputStream in = Files.newInputStream(keystorePath)) {
             KeyStore keyStore = KeyStore.getInstance("jks");
@@ -95,8 +96,9 @@ public class CertUtilsTests extends ESTestCase {
         assertThat(certificate, instanceOf(X509Certificate.class));
 
         Certificate pemCert;
-        try (Reader reader = Files.newBufferedReader(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"),
-                StandardCharsets.UTF_8)) {
+        try (Reader reader =
+                     Files.newBufferedReader(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"),
+                             StandardCharsets.UTF_8)) {
             List<Certificate> certificateList = new ArrayList<>(1);
             CertUtils.readCertificates(reader, certificateList, CertificateFactory.getInstance("X.509"));
             assertThat(certificateList.size(), is(1));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ClientSSLServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ClientSSLServiceTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java
index 71563acfc02..e6626571b08 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ClientSSLServiceTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -12,7 +12,7 @@ import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.junit.annotations.Network;
 import org.junit.Before;
@@ -46,7 +46,7 @@ public class ClientSSLServiceTests extends ESTestCase {
 
     @Before
     public void setup() throws Exception {
-        testclientStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks");
+        testclientStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks");
         env = randomBoolean() ? new Environment(Settings.builder().put("path.home", createTempDir()).build()) : null;
     }
 
@@ -68,7 +68,7 @@ public class ClientSSLServiceTests extends ESTestCase {
     }
 
     public void testThatCustomTruststoreCanBeSpecified() throws Exception {
-        Path testnodeStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+        Path testnodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
 
         ClientSSLService sslService = createClientSSLService(Settings.builder()
                 .put("xpack.security.ssl.keystore.path", testclientStore)
@@ -99,7 +99,8 @@ public class ClientSSLServiceTests extends ESTestCase {
     }
 
     public void testThatKeyStoreAndKeyCanHaveDifferentPasswords() throws Exception {
-        Path differentPasswordsStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-different-passwords.jks");
+        Path differentPasswordsStore =
+                getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-different-passwords.jks");
         createClientSSLService(Settings.builder()
                 .put("xpack.security.ssl.keystore.path", differentPasswordsStore)
                 .put("xpack.security.ssl.keystore.password", "testnode")
@@ -108,7 +109,8 @@ public class ClientSSLServiceTests extends ESTestCase {
     }
 
     public void testIncorrectKeyPasswordThrowsException() throws Exception {
-        Path differentPasswordsStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-different-passwords.jks");
+        Path differentPasswordsStore =
+                getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-different-passwords.jks");
         try {
             createClientSSLService(Settings.builder()
                     .put("xpack.security.ssl.keystore.path", differentPasswordsStore)
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLConfigurationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLConfigurationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java
index 9d0f4a76807..be9912b330e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLConfigurationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
@@ -11,9 +11,9 @@ import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Custom;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.ssl.TrustConfig.Reloadable.Listener;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Custom;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.TrustConfig.Reloadable.Listener;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -264,9 +264,10 @@ public class SSLConfigurationTests extends ESTestCase {
         Environment env = randomBoolean() ? null :
                 new Environment(Settings.builder().put("path.home", createTempDir()).build());
         Settings settings = Settings.builder()
-                .put("xpack.security.ssl.key.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem"))
+                .put("xpack.security.ssl.key.path",
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"))
                 .put("xpack.security.ssl.key.password", "testnode")
-                .put("xpack.security.ssl.cert", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"))
+                .put("xpack.security.ssl.cert", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"))
                 .build();
 
         SSLConfiguration config = new Global(settings);
@@ -283,12 +284,13 @@ public class SSLConfigurationTests extends ESTestCase {
         Environment env = randomBoolean() ? null :
                 new Environment(Settings.builder().put("path.home", createTempDir()).build());
         Settings settings = Settings.builder()
-                .put("xpack.security.ssl.key.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem"))
+                .put("xpack.security.ssl.key.path",
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"))
                 .put("xpack.security.ssl.key.password", "testnode")
-                .put("xpack.security.ssl.cert", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"))
+                .put("xpack.security.ssl.cert", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"))
                 .putArray("xpack.security.ssl.ca",
-                        getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt").toString(),
-                        getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt").toString())
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt").toString(),
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt").toString())
                 .build();
 
         SSLConfiguration config = new Global(settings);
@@ -307,7 +309,7 @@ public class SSLConfigurationTests extends ESTestCase {
                 new Environment(Settings.builder().put("path.home", createTempDir()).build());
         Path tempDir = createTempDir();
         Path keystorePath = tempDir.resolve("testnode.jks");
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks"), keystorePath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath);
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.keystore.path", keystorePath)
                 .put("xpack.security.ssl.keystore.password", "testnode")
@@ -367,9 +369,9 @@ public class SSLConfigurationTests extends ESTestCase {
         Path keyPath = tempDir.resolve("testnode.pem");
         Path certPath = tempDir.resolve("testnode.crt");
         Path clientCertPath = tempDir.resolve("testclient.crt");
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem"), keyPath);
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"), certPath);
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"), keyPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.key.path", keyPath)
                 .put("xpack.security.ssl.key.password", "testnode")
@@ -446,7 +448,7 @@ public class SSLConfigurationTests extends ESTestCase {
                 new Environment(Settings.builder().put("path.home", createTempDir()).build());
         Path tempDir = createTempDir();
         Path trustStorePath = tempDir.resolve("testnode.jks");
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks"), trustStorePath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), trustStorePath);
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.truststore.path", trustStorePath)
                 .put("xpack.security.ssl.truststore.password", "testnode")
@@ -495,7 +497,7 @@ public class SSLConfigurationTests extends ESTestCase {
                 new Environment(Settings.builder().put("path.home", createTempDir()).build());
         Path tempDir = createTempDir();
         Path clientCertPath = tempDir.resolve("testclient.crt");
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
         Settings settings = Settings.builder()
                 .putArray("xpack.security.ssl.ca", clientCertPath.toString())
                 .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), false)
@@ -521,7 +523,7 @@ public class SSLConfigurationTests extends ESTestCase {
             assertThat(latch.getCount(), is(1L));
 
             Path updatedCert = tempDir.resolve("updated.crt");
-            Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"), updatedCert,
+            Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), updatedCert,
                     StandardCopyOption.REPLACE_EXISTING);
             atomicMoveIfPossible(updatedCert, clientCertPath);
             latch.await();
@@ -540,7 +542,7 @@ public class SSLConfigurationTests extends ESTestCase {
                 new Environment(Settings.builder().put("path.home", createTempDir()).build());
         Path tempDir = createTempDir();
         Path keystorePath = tempDir.resolve("testnode.jks");
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks"), keystorePath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath);
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.keystore.path", keystorePath)
                 .put("xpack.security.ssl.keystore.password", "testnode")
@@ -586,9 +588,9 @@ public class SSLConfigurationTests extends ESTestCase {
         Path keyPath = tempDir.resolve("testnode.pem");
         Path certPath = tempDir.resolve("testnode.crt");
         Path clientCertPath = tempDir.resolve("testclient.crt");
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem"), keyPath);
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"), certPath);
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"), keyPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.key.path", keyPath)
                 .put("xpack.security.ssl.key.password", "testnode")
@@ -640,7 +642,7 @@ public class SSLConfigurationTests extends ESTestCase {
                 new Environment(Settings.builder().put("path.home", createTempDir()).build());
         Path tempDir = createTempDir();
         Path trustStorePath = tempDir.resolve("testnode.jks");
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks"), trustStorePath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), trustStorePath);
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.truststore.path", trustStorePath)
                 .put("xpack.security.ssl.truststore.password", "testnode")
@@ -682,7 +684,7 @@ public class SSLConfigurationTests extends ESTestCase {
                 new Environment(Settings.builder().put("path.home", createTempDir()).build());
         Path tempDir = createTempDir();
         Path clientCertPath = tempDir.resolve("testclient.crt");
-        Files.copy(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
+        Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath);
         Settings settings = Settings.builder()
                 .putArray("xpack.security.ssl.ca", clientCertPath.toString())
                 .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), false)
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLReloadIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLReloadIntegTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLReloadIntegTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLReloadIntegTests.java
index cfacfa0ba72..db304be05bd 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLReloadIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLReloadIntegTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.Extension;
@@ -19,9 +19,9 @@ import org.elasticsearch.common.network.InetAddressHelper;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.util.set.Sets;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.test.ShieldIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.test.SecurityIntegTestCase;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.elasticsearch.transport.Transport;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
@@ -51,14 +51,14 @@ import static org.hamcrest.Matchers.is;
 /**
  * Integration tests for SSL reloading support
  */
-public class SSLReloadIntegTests extends ShieldIntegTestCase {
+public class SSLReloadIntegTests extends SecurityIntegTestCase {
 
     private Path nodeStorePath;
 
     @Override
     public Settings nodeSettings(int nodeOrdinal) {
         if (nodeStorePath == null) {
-            Path origPath = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+            Path origPath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
             Path tempDir = createTempDir();
             nodeStorePath = tempDir.resolve("testnode.jks");
             try {
@@ -76,8 +76,8 @@ public class SSLReloadIntegTests extends ShieldIntegTestCase {
         }
 
         builder.put("resource.reload.interval.high", "1s")
-                .put(ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
-                        "testnode"))
+                .put(SecuritySettingsSource.getSSLSettingsForStore(
+                        "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode"))
                 .put("xpack.security.ssl.keystore.path", nodeStorePath);
 
         if (builder.get("xpack.security.ssl.truststore.path") != null) {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ServerSSLServiceTests.java
similarity index 94%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ServerSSLServiceTests.java
index ce9541f4153..682d2e9ff22 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ServerSSLServiceTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.ssl;
+package org.elasticsearch.xpack.security.ssl;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
 import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
@@ -40,7 +40,7 @@ public class ServerSSLServiceTests extends ESTestCase {
 
     @Before
     public void setup() throws Exception {
-        testnodeStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+        testnodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
         env = new Environment(Settings.builder().put("path.home", createTempDir()).build());
     }
 
@@ -61,7 +61,7 @@ public class ServerSSLServiceTests extends ESTestCase {
     }
 
     public void testThatCustomTruststoreCanBeSpecified() throws Exception {
-        Path testClientStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks");
+        Path testClientStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks");
 
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.keystore.path", testnodeStore)
@@ -94,7 +94,8 @@ public class ServerSSLServiceTests extends ESTestCase {
     }
 
     public void testThatKeyStoreAndKeyCanHaveDifferentPasswords() throws Exception {
-        Path differentPasswordsStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-different-passwords.jks");
+        Path differentPasswordsStore =
+                getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-different-passwords.jks");
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.keystore.path", differentPasswordsStore)
                 .put("xpack.security.ssl.keystore.password", "testnode")
@@ -104,7 +105,8 @@ public class ServerSSLServiceTests extends ESTestCase {
     }
 
     public void testIncorrectKeyPasswordThrowsException() throws Exception {
-        Path differentPasswordsStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-different-passwords.jks");
+        Path differentPasswordsStore =
+                getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-different-passwords.jks");
         try {
             Settings settings = Settings.builder()
                     .put("xpack.security.ssl.keystore.path", differentPasswordsStore)
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/AutomatonsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/AutomatonsTests.java
similarity index 90%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/AutomatonsTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/AutomatonsTests.java
index cac275a686d..d34c8c002c5 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/AutomatonsTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/AutomatonsTests.java
@@ -3,15 +3,15 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import dk.brics.automaton.Automaton;
 import dk.brics.automaton.RunAutomaton;
 import org.elasticsearch.test.ESTestCase;
 
-import static org.elasticsearch.shield.support.Automatons.pattern;
-import static org.elasticsearch.shield.support.Automatons.patterns;
-import static org.elasticsearch.shield.support.Automatons.wildcard;
+import static org.elasticsearch.xpack.security.support.Automatons.pattern;
+import static org.elasticsearch.xpack.security.support.Automatons.patterns;
+import static org.elasticsearch.xpack.security.support.Automatons.wildcard;
 import static org.hamcrest.Matchers.is;
 
 /**
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/FileAttributesCheckerTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/FileAttributesCheckerTests.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/FileAttributesCheckerTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/FileAttributesCheckerTests.java
index 65f0e0b5388..12ae440e8f7 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/FileAttributesCheckerTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/FileAttributesCheckerTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import java.nio.file.FileSystem;
 import java.nio.file.Files;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/ShieldFilesTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityFilesTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/ShieldFilesTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityFilesTests.java
index a75a2acb907..f8284209a83 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/ShieldFilesTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/SecurityFilesTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import com.google.common.jimfs.Configuration;
 import com.google.common.jimfs.Jimfs;
@@ -26,12 +26,12 @@ import static java.nio.file.attribute.PosixFilePermission.OTHERS_EXECUTE;
 import static java.nio.file.attribute.PosixFilePermission.OWNER_EXECUTE;
 import static java.nio.file.attribute.PosixFilePermission.OWNER_READ;
 import static java.nio.file.attribute.PosixFilePermission.OWNER_WRITE;
-import static org.elasticsearch.shield.support.ShieldFiles.openAtomicMoveWriter;
+import static org.elasticsearch.xpack.security.support.SecurityFiles.openAtomicMoveWriter;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.not;
 
-public class ShieldFilesTests extends ESTestCase {
+public class SecurityFilesTests extends ESTestCase {
     public void testThatOriginalPermissionsAreKept() throws Exception {
         assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
         Path path = createTempFile();
@@ -73,7 +73,7 @@ public class ShieldFilesTests extends ESTestCase {
             assertThat(tempPathView.getOwner(), not(equalTo(view.getOwner())));
             assertThat(tempPathView.readAttributes().group(), not(equalTo(view.readAttributes().group())));
 
-            ShieldFiles.setPosixAttributesOnTempFile(path, tempPath);
+            SecurityFiles.setPosixAttributesOnTempFile(path, tempPath);
 
             assertThat(tempPathView.getOwner(), equalTo(view.getOwner()));
             assertThat(tempPathView.readAttributes().group(), equalTo(view.readAttributes().group()));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/SelfReschedulingRunnableTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/SelfReschedulingRunnableTests.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/SelfReschedulingRunnableTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/SelfReschedulingRunnableTests.java
index d3d7cd21553..b81b879e09f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/SelfReschedulingRunnableTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/SelfReschedulingRunnableTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.logging.ESLogger;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/ValidationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/ValidationTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/ValidationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/ValidationTests.java
index 6c501e1b966..f82b779bfbd 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/ValidationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/support/ValidationTests.java
@@ -3,9 +3,9 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.support;
+package org.elasticsearch.xpack.security.support;
 
-import org.elasticsearch.shield.support.Validation.Users;
+import org.elasticsearch.xpack.security.support.Validation.Users;
 import org.elasticsearch.test.ESTestCase;
 
 import java.util.Arrays;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldAssertions.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/test/SecurityAssertions.java
similarity index 88%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldAssertions.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/test/SecurityAssertions.java
index e2018815c6c..174f0486bad 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldAssertions.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/test/SecurityAssertions.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.test;
+package org.elasticsearch.xpack.security.test;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.contains;
@@ -15,7 +15,7 @@ import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 
-public class ShieldAssertions {
+public class SecurityAssertions {
 
     public static void assertContainsWWWAuthenticateHeader(ElasticsearchSecurityException e) {
         assertThat(e.status(), is(RestStatus.UNAUTHORIZED));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldTestUtils.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/test/SecurityTestUtils.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldTestUtils.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/test/SecurityTestUtils.java
index 363132e0833..c8a3d86b34e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/test/ShieldTestUtils.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/test/SecurityTestUtils.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.test;
+package org.elasticsearch.xpack.security.test;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.io.FileSystemUtils;
@@ -15,7 +15,7 @@ import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 
-public class ShieldTestUtils {
+public class SecurityTestUtils {
 
     public static Path createFolder(Path parent, String name) {
         Path createdFolder = parent.resolve(name);
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ClientTransportFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ClientTransportFilterTests.java
similarity index 85%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ClientTransportFilterTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ClientTransportFilterTests.java
index 89e8fe15e5c..9d2f78e6af8 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ClientTransportFilterTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ClientTransportFilterTests.java
@@ -3,10 +3,10 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
-import org.elasticsearch.shield.user.SystemUser;
-import org.elasticsearch.shield.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.TransportRequest;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterIntegrationTests.java
similarity index 80%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterIntegrationTests.java
index d1ac3901b2c..891392aa162 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterIntegrationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.elasticsearch.common.network.NetworkAddress;
 import org.elasticsearch.common.network.NetworkModule;
@@ -14,12 +14,12 @@ import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.discovery.MasterNotDiscoveredException;
 import org.elasticsearch.node.MockNode;
 import org.elasticsearch.node.Node;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.junit.BeforeClass;
@@ -31,13 +31,13 @@ import java.nio.file.Path;
 import java.util.Collections;
 
 import static java.util.Collections.singletonMap;
-import static org.elasticsearch.shield.test.ShieldTestUtils.createFolder;
-import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile;
-import static org.elasticsearch.test.ShieldSettingsSource.getSSLSettingsForStore;
+import static org.elasticsearch.xpack.security.test.SecurityTestUtils.createFolder;
+import static org.elasticsearch.xpack.security.test.SecurityTestUtils.writeFile;
+import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
 import static org.hamcrest.CoreMatchers.instanceOf;
 import static org.hamcrest.CoreMatchers.is;
 
-public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase {
+public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase {
     private static int randomClientPort;
 
     @BeforeClass
@@ -57,22 +57,22 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase {
 
         Path store;
         try {
-            store = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+            store = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
             assertThat(Files.exists(store), is(true));
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
 
         if (sslTransportEnabled()) {
-            settingsBuilder.put("transport.profiles.client.shield.truststore.path", store) // settings for client truststore
-                           .put("transport.profiles.client.shield.truststore.password", "testnode")
-                           .put(ShieldNettyTransport.SSL_SETTING.getKey(), true);
+            settingsBuilder.put("transport.profiles.client.xpack.security.truststore.path", store) // settings for client truststore
+                           .put("transport.profiles.client.xpack.security.truststore.password", "testnode")
+                           .put(SecurityNettyTransport.SSL_SETTING.getKey(), true);
         }
 
         return settingsBuilder
                 .put(super.nodeSettings(nodeOrdinal))
-                .put("transport.profiles.default.shield.type", "node")
-                .put("transport.profiles.client.shield.type", "client")
+                .put("transport.profiles.default.xpack.security.type", "node")
+                .put("transport.profiles.client.xpack.security.type", "client")
                 .put("transport.profiles.client.port", randomClientPortRange)
                 // make sure this is "localhost", no matter if ipv4 or ipv6, but be consistent
                 .put("transport.profiles.client.bind_host", "localhost")
@@ -92,13 +92,13 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase {
 
         // test that starting up a node works
         Settings nodeSettings = Settings.builder()
-                .put(getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode"))
+                .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode"))
                 .put("node.mode", "network")
                 .put("node.name", "my-test-node")
                 .put("network.host", "localhost")
                 .put("cluster.name", internalCluster().getClusterName())
                 .put("discovery.zen.ping.unicast.hosts", unicastHost)
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), sslTransportEnabled())
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), sslTransportEnabled())
                 .put("xpack.security.audit.enabled", false)
                 .put("path.home", createTempDir())
                 .put(NetworkModule.HTTP_ENABLED.getKey(), false)
@@ -123,13 +123,13 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase {
                 .put("xpack.security.authc.realms.file.files.users", writeFile(folder, "users", configUsers()))
                 .put("xpack.security.authc.realms.file.files.users_roles", writeFile(folder, "users_roles", configUsersRoles()))
                 .put(FileRolesStore.ROLES_FILE_SETTING.getKey(), writeFile(folder, "roles.yml", configRoles()))
-                .put(getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode"))
+                .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode"))
                 .put("node.mode", "network")
                 .put("node.name", "my-test-node")
                 .put(Security.USER_SETTING.getKey(), "test_user:changeme")
                 .put("cluster.name", internalCluster().getClusterName())
                 .put("discovery.zen.ping.unicast.hosts", "localhost:" + randomClientPort)
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), sslTransportEnabled())
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), sslTransportEnabled())
                 .put("xpack.security.audit.enabled", false)
                 .put(NetworkModule.HTTP_ENABLED.getKey(), false)
                 .put(InternalCryptoService.FILE_SETTING.getKey(), systemKeyFile)
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterTests.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterTests.java
index 9cd88467b32..3c9d7bfe588 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterTests.java
@@ -3,23 +3,23 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.Authentication;
-import org.elasticsearch.shield.action.ShieldActionMapper;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.authz.AuthorizationService;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.action.SecurityActionMapper;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authz.AuthorizationService;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.TransportRequest;
 import org.elasticsearch.transport.TransportSettings;
 import org.elasticsearch.transport.netty.NettyTransportChannel;
 import org.junit.Before;
 
-import static org.elasticsearch.shield.support.Exceptions.authenticationError;
-import static org.elasticsearch.shield.support.Exceptions.authorizationError;
+import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
+import static org.elasticsearch.xpack.security.support.Exceptions.authorizationError;
 import static org.hamcrest.Matchers.equalTo;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;
@@ -42,7 +42,7 @@ public class ServerTransportFilterTests extends ESTestCase {
         authzService = mock(AuthorizationService.class);
         channel = mock(NettyTransportChannel.class);
         when(channel.getProfileName()).thenReturn(TransportSettings.DEFAULT_PROFILE);
-        filter = new ServerTransportFilter.NodeProfile(authcService, authzService, new ShieldActionMapper(),
+        filter = new ServerTransportFilter.NodeProfile(authcService, authzService, new SecurityActionMapper(),
                 new ThreadContext(Settings.EMPTY), false);
     }
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/TransportFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/TransportFilterTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/TransportFilterTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/TransportFilterTests.java
index e711500990f..8e1b1ab3829 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/TransportFilterTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/TransportFilterTests.java
@@ -3,10 +3,9 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport;
+package org.elasticsearch.xpack.security.transport;
 
 import org.elasticsearch.cluster.service.ClusterService;
-import org.elasticsearch.cluster.ClusterName;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.inject.AbstractModule;
 import org.elasticsearch.common.inject.Inject;
@@ -16,10 +15,10 @@ import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.action.ShieldActionMapper;
-import org.elasticsearch.shield.authc.AuthenticationService;
-import org.elasticsearch.shield.authz.AuthorizationService;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.action.SecurityActionMapper;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authz.AuthorizationService;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -276,8 +275,8 @@ public class TransportFilterTests extends ESIntegTestCase {
         }
     }
 
-    // Sub class the Shield transport to always inject a mock for testing
-    public static class InternalPluginServerTransportService extends ShieldServerTransportService {
+    // Sub class the security transport to always inject a mock for testing
+    public static class InternalPluginServerTransportService extends SecurityServerTransportService {
         public static class TestPlugin extends Plugin {
             public void onModule(NetworkModule module) {
                 module.registerTransportService("filter-mock", InternalPluginServerTransportService.class);
@@ -290,8 +289,8 @@ public class TransportFilterTests extends ESIntegTestCase {
 
         @Inject
         public InternalPluginServerTransportService(Settings settings, Transport transport, ThreadPool threadPool,
-                AuthenticationService authcService, AuthorizationService authzService,
-                ShieldActionMapper actionMapper, ClientTransportFilter clientTransportFilter) {
+                                                    AuthenticationService authcService, AuthorizationService authzService,
+                                                    SecurityActionMapper actionMapper, ClientTransportFilter clientTransportFilter) {
             super(settings, transport, threadPool, authcService, authzService, actionMapper, clientTransportFilter,
                     mock(SecurityLicenseState.class));
             when(licenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IPFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IPFilterTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java
index a429cbd7b41..dc06a12ce4e 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IPFilterTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.filter;
+package org.elasticsearch.xpack.security.transport.filter;
 
 import org.elasticsearch.common.component.Lifecycle;
 import org.elasticsearch.common.network.InetAddresses;
@@ -14,8 +14,8 @@ import org.elasticsearch.common.transport.BoundTransportAddress;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.SecurityLicenseState;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.junit.annotations.Network;
 import org.elasticsearch.transport.Transport;
@@ -240,7 +240,7 @@ public class IPFilterTests extends ESTestCase {
             String message = String.format(Locale.ROOT, "Expected address %s to be allowed", inetAddress);
             InetAddress address = InetAddresses.forString(inetAddress);
             assertThat(message, ipFilter.accept(profile, address), is(true));
-            ArgumentCaptor<ShieldIpFilterRule> ruleCaptor = ArgumentCaptor.forClass(ShieldIpFilterRule.class);
+            ArgumentCaptor<SecurityIpFilterRule> ruleCaptor = ArgumentCaptor.forClass(SecurityIpFilterRule.class);
             verify(auditTrail).connectionGranted(eq(address), eq(profile), ruleCaptor.capture());
             assertNotNull(ruleCaptor.getValue());
         }
@@ -255,7 +255,7 @@ public class IPFilterTests extends ESTestCase {
             String message = String.format(Locale.ROOT, "Expected address %s to be denied", inetAddress);
             InetAddress address = InetAddresses.forString(inetAddress);
             assertThat(message, ipFilter.accept(profile, address), is(false));
-            ArgumentCaptor<ShieldIpFilterRule> ruleCaptor = ArgumentCaptor.forClass(ShieldIpFilterRule.class);
+            ArgumentCaptor<SecurityIpFilterRule> ruleCaptor = ArgumentCaptor.forClass(SecurityIpFilterRule.class);
             verify(auditTrail).connectionDenied(eq(address), eq(profile), ruleCaptor.capture());
             assertNotNull(ruleCaptor.getValue());
         }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringIntegrationTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringIntegrationTests.java
index 4ea9bb7d3f5..12ba2e646c9 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringIntegrationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.filter;
+package org.elasticsearch.xpack.security.transport.filter;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.network.NetworkModule;
@@ -13,7 +13,7 @@ import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.ESIntegTestCase.Scope;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.transport.Transport;
 import org.junit.BeforeClass;
 
@@ -29,7 +29,7 @@ import static org.hamcrest.Matchers.is;
 
 // no client nodes, no transport clients, as they all get rejected on network connections
 @ClusterScope(scope = Scope.SUITE, numDataNodes = 0, numClientNodes = 0, transportClientRatio = 0.0)
-public class IpFilteringIntegrationTests extends ShieldIntegTestCase {
+public class IpFilteringIntegrationTests extends SecurityIntegTestCase {
     private static int randomClientPort;
 
     @BeforeClass
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringUpdateTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringUpdateTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringUpdateTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringUpdateTests.java
index c0da74d8ba8..2d095e55c8d 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringUpdateTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringUpdateTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.filter;
+package org.elasticsearch.xpack.security.transport.filter;
 
 import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.junit.BeforeClass;
 
 import java.net.InetAddress;
@@ -21,7 +21,7 @@ import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcke
 import static org.hamcrest.Matchers.is;
 
 @ClusterScope(scope = TEST, supportsDedicatedMasters = false, numDataNodes = 1)
-public class IpFilteringUpdateTests extends ShieldIntegTestCase {
+public class IpFilteringUpdateTests extends SecurityIntegTestCase {
 
     private static int randomClientPort;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/ShieldIpFilterRuleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/SecurityIpFilterRuleTests.java
similarity index 83%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/ShieldIpFilterRuleTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/SecurityIpFilterRuleTests.java
index dc71f017583..485de7e3afd 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/filter/ShieldIpFilterRuleTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/SecurityIpFilterRuleTests.java
@@ -3,24 +3,24 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.filter;
+package org.elasticsearch.xpack.security.transport.filter;
 
 import org.elasticsearch.test.ESTestCase;
 import org.jboss.netty.handler.ipfilter.IpFilterRule;
 import org.jboss.netty.handler.ipfilter.IpSubnetFilterRule;
 import org.jboss.netty.handler.ipfilter.PatternRule;
 
-import static org.elasticsearch.shield.transport.filter.ShieldIpFilterRule.ACCEPT_ALL;
-import static org.elasticsearch.shield.transport.filter.ShieldIpFilterRule.DENY_ALL;
-import static org.elasticsearch.shield.transport.filter.ShieldIpFilterRule.getRule;
+import static org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule.ACCEPT_ALL;
+import static org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule.DENY_ALL;
+import static org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule.getRule;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.sameInstance;
 
 /**
- * Unit tests for the {@link ShieldIpFilterRule}
+ * Unit tests for the {@link SecurityIpFilterRule}
  */
-public class ShieldIpFilterRuleTests extends ESTestCase {
+public class SecurityIpFilterRuleTests extends ESTestCase {
     public void testParseAllRules() {
         IpFilterRule rule = getRule(true, "_all");
         assertThat(rule, sameInstance(ACCEPT_ALL));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/HandshakeWaitingHandlerTests.java
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/HandshakeWaitingHandlerTests.java
index f5cb5f7b9dc..f54934556d9 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/HandshakeWaitingHandlerTests.java
@@ -3,13 +3,13 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.ssl.ServerSSLService;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.ServerSSLService;
 import org.elasticsearch.test.ESTestCase;
 import org.jboss.netty.bootstrap.ClientBootstrap;
 import org.jboss.netty.bootstrap.ServerBootstrap;
@@ -71,7 +71,8 @@ public class HandshakeWaitingHandlerTests extends ESTestCase {
         iterations = randomIntBetween(10, 100);
 
         Settings settings = Settings.builder()
-                .put("xpack.security.ssl.keystore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks"))
+                .put("xpack.security.ssl.keystore.path",
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"))
                 .put("xpack.security.ssl.keystore.password", "testnode")
                 .build();
         Environment env = new Environment(Settings.builder().put("path.home", createTempDir()).build());
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandlerTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/IPFilterNettyUpstreamHandlerTests.java
similarity index 97%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandlerTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/IPFilterNettyUpstreamHandlerTests.java
index f2103f8f5ff..5518fc959f1 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandlerTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/IPFilterNettyUpstreamHandlerTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
 import org.elasticsearch.common.component.Lifecycle;
 import org.elasticsearch.common.network.InetAddresses;
@@ -13,9 +13,9 @@ import org.elasticsearch.common.transport.BoundTransportAddress;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.SecurityLicenseState;
-import org.elasticsearch.shield.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.audit.AuditTrail;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.transport.TransportSettings;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/IPHostnameVerificationTests.java
similarity index 84%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/IPHostnameVerificationTests.java
index b34271d594f..007a2dd08dc 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/IPHostnameVerificationTests.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.transport.TransportSettings;
 
 import java.nio.file.Files;
@@ -16,7 +16,7 @@ import java.util.Map.Entry;
 
 import static org.hamcrest.CoreMatchers.is;
 
-public class IPHostnameVerificationTests extends ShieldIntegTestCase {
+public class IPHostnameVerificationTests extends SecurityIntegTestCase {
     Path keystore;
 
     @Override
@@ -48,7 +48,7 @@ public class IPHostnameVerificationTests extends ShieldIntegTestCase {
 
         try {
             //This keystore uses a cert with a CN of "Elasticsearch Test Node" and IPv4+IPv6 ip addresses as SubjectAlternativeNames
-            keystore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-ip-only.jks");
+            keystore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-ip-only.jks");
             assertThat(Files.exists(keystore), is(true));
         } catch (Exception e) {
             throw new RuntimeException(e);
@@ -61,8 +61,8 @@ public class IPHostnameVerificationTests extends ShieldIntegTestCase {
                 .put(TransportSettings.BIND_HOST.getKey(), "127.0.0.1")
                 .put("network.host", "127.0.0.1")
                 .put("xpack.security.ssl.client.auth", "false")
-                .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
-                .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false)
+                .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false)
                 .build();
     }
 
@@ -78,8 +78,8 @@ public class IPHostnameVerificationTests extends ShieldIntegTestCase {
         clientSettings = builder.build();
 
         return Settings.builder().put(clientSettings)
-                .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
-                .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false)
+                .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false)
                 .put("xpack.security.ssl.keystore.path", keystore.toAbsolutePath())
                 .put("xpack.security.ssl.keystore.password", "testnode-ip-only")
                 .put("xpack.security.ssl.truststore.path", keystore.toAbsolutePath())
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyHttpServerTransportTests.java
similarity index 70%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyHttpServerTransportTests.java
index 538c532574b..c714964b5b3 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyHttpServerTransportTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
 import org.elasticsearch.common.network.NetworkService;
 import org.elasticsearch.common.settings.Settings;
@@ -11,10 +11,10 @@ import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.http.HttpTransportSettings;
 import org.elasticsearch.http.netty.NettyHttpMockUtil;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.ssl.ServerSSLService;
-import org.elasticsearch.shield.transport.SSLClientAuth;
-import org.elasticsearch.shield.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.ServerSSLService;
+import org.elasticsearch.xpack.security.transport.SSLClientAuth;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.jboss.netty.channel.ChannelPipelineFactory;
@@ -31,13 +31,13 @@ import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.not;
 import static org.mockito.Mockito.mock;
 
-public class ShieldNettyHttpServerTransportTests extends ESTestCase {
+public class SecurityNettyHttpServerTransportTests extends ESTestCase {
 
     private ServerSSLService serverSSLService;
 
     @Before
     public void createSSLService() throws Exception {
-        Path testnodeStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+        Path testnodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.keystore.path", testnodeStore)
                 .put("xpack.security.ssl.keystore.password", "testnode")
@@ -47,8 +47,8 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase {
     }
 
     public void testDefaultClientAuth() throws Exception {
-        Settings settings = Settings.builder().put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
-        ShieldNettyHttpServerTransport transport = new ShieldNettyHttpServerTransport(settings, mock(NetworkService.class),
+        Settings settings = Settings.builder().put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
+        SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
                 mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
         NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
@@ -59,9 +59,9 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase {
     public void testOptionalClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT));
         Settings settings = Settings.builder()
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
-        ShieldNettyHttpServerTransport transport = new ShieldNettyHttpServerTransport(settings, mock(NetworkService.class),
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
+        SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
                 mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
         NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
@@ -72,9 +72,9 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase {
     public void testRequiredClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE");
         Settings settings = Settings.builder()
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
-        ShieldNettyHttpServerTransport transport = new ShieldNettyHttpServerTransport(settings, mock(NetworkService.class),
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
+        SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
                 mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
         NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
@@ -85,9 +85,9 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase {
     public void testNoClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.NO.name(), SSLClientAuth.NO.name().toLowerCase(Locale.ROOT), "false", "FALSE");
         Settings settings = Settings.builder()
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
-        ShieldNettyHttpServerTransport transport = new ShieldNettyHttpServerTransport(settings, mock(NetworkService.class),
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
+        SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
                 mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
         NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
@@ -97,18 +97,18 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase {
 
     public void testCustomSSLConfiguration() throws Exception {
         Settings settings = Settings.builder()
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
-        ShieldNettyHttpServerTransport transport = new ShieldNettyHttpServerTransport(settings, mock(NetworkService.class),
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
+        SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
                 mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
         NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
         SSLEngine defaultEngine = factory.getPipeline().get(SslHandler.class).getEngine();
 
         settings = Settings.builder()
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
                 .put("xpack.security.http.ssl.supported_protocols", "TLSv1.2")
                 .build();
-        transport = new ShieldNettyHttpServerTransport(settings, mock(NetworkService.class),
+        transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
                 mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
         NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
         factory = transport.configureServerChannelPipelineFactory();
@@ -119,29 +119,29 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase {
 
     public void testDisablesCompressionByDefaultForSsl() throws Exception {
         Settings settings = Settings.builder()
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
 
         Settings.Builder pluginSettingsBuilder = Settings.builder();
-        ShieldNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
+        SecurityNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
         assertThat(HttpTransportSettings.SETTING_HTTP_COMPRESSION.get(pluginSettingsBuilder.build()), is(false));
     }
 
     public void testLeavesCompressionOnIfNotSsl() throws Exception {
         Settings settings = Settings.builder()
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), false).build();
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), false).build();
         Settings.Builder pluginSettingsBuilder = Settings.builder();
-        ShieldNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
+        SecurityNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
         assertThat(pluginSettingsBuilder.build().isEmpty(), is(true));
     }
 
     public void testDoesNotChangeExplicitlySetCompression() throws Exception {
         Settings settings = Settings.builder()
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
                 .put(HttpTransportSettings.SETTING_HTTP_COMPRESSION.getKey(), true)
                 .build();
 
         Settings.Builder pluginSettingsBuilder = Settings.builder();
-        ShieldNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
+        SecurityNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
         assertThat(pluginSettingsBuilder.build().isEmpty(), is(true));
     }
 }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransportTests.java
similarity index 71%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransportTests.java
index 95d48f2170b..570ffadf16c 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransportTests.java
@@ -3,19 +3,18 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
-import org.elasticsearch.Version;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.network.NetworkService;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.indices.breaker.CircuitBreakerService;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.ssl.ServerSSLService;
-import org.elasticsearch.shield.transport.SSLClientAuth;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.ssl.ServerSSLService;
+import org.elasticsearch.xpack.security.transport.SSLClientAuth;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.netty.NettyMockUtil;
@@ -31,13 +30,13 @@ import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
 import static org.mockito.Mockito.mock;
 
-public class ShieldNettyTransportTests extends ESTestCase {
+public class SecurityNettyTransportTests extends ESTestCase {
     private ServerSSLService serverSSLService;
     private ClientSSLService clientSSLService;
 
     @Before
     public void createSSLService() throws Exception {
-        Path testnodeStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
+        Path testnodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks");
         Settings settings = Settings.builder()
                 .put("xpack.security.ssl.keystore.path", testnodeStore)
                 .put("xpack.security.ssl.keystore.password", "testnode")
@@ -50,8 +49,8 @@ public class ShieldNettyTransportTests extends ESTestCase {
     }
 
     public void testThatSSLCanBeDisabledByProfile() throws Exception {
-        Settings settings = Settings.builder().put(ShieldNettyTransport.SSL_SETTING.getKey(), true).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+        Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
                 mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
@@ -61,8 +60,8 @@ public class ShieldNettyTransportTests extends ESTestCase {
     }
 
     public void testThatSSLCanBeEnabledByProfile() throws Exception {
-        Settings settings = Settings.builder().put(ShieldNettyTransport.SSL_SETTING.getKey(), false).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+        Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), false).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
                 mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
@@ -72,8 +71,8 @@ public class ShieldNettyTransportTests extends ESTestCase {
     }
 
     public void testThatProfileTakesDefaultSSLSetting() throws Exception {
-        Settings settings = Settings.builder().put(ShieldNettyTransport.SSL_SETTING.getKey(), true).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+        Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
                 mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
@@ -82,8 +81,8 @@ public class ShieldNettyTransportTests extends ESTestCase {
     }
 
     public void testDefaultClientAuth() throws Exception {
-        Settings settings = Settings.builder().put(ShieldNettyTransport.SSL_SETTING.getKey(), true).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+        Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
                 mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
@@ -95,9 +94,9 @@ public class ShieldNettyTransportTests extends ESTestCase {
     public void testRequiredClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true");
         Settings settings = Settings.builder()
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
                 mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
@@ -109,9 +108,9 @@ public class ShieldNettyTransportTests extends ESTestCase {
     public void testNoClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT));
         Settings settings = Settings.builder()
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
                 mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
@@ -123,11 +122,11 @@ public class ShieldNettyTransportTests extends ESTestCase {
     public void testOptionalClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT));
         Settings settings = Settings.builder()
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
-                mock(CircuitBreakerService.class));
+               mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
         assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
@@ -136,39 +135,39 @@ public class ShieldNettyTransportTests extends ESTestCase {
 
     public void testProfileRequiredClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE");
-        Settings settings = Settings.builder().put(ShieldNettyTransport.SSL_SETTING.getKey(), true).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+        Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
                 mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client",
-                Settings.builder().put(ShieldNettyTransport.PROFILE_CLIENT_AUTH_SETTING, value).build());
+                Settings.builder().put(SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING, value).build());
         assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
         assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
     }
 
     public void testProfileNoClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT));
-        Settings settings = Settings.builder().put(ShieldNettyTransport.SSL_SETTING.getKey(), true).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
+        Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
                 mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
                 mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client",
-                Settings.builder().put(ShieldNettyTransport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build());
+                Settings.builder().put(SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build());
         assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
         assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
     }
 
     public void testProfileOptionalClientAuth() throws Exception {
         String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT));
-        Settings settings = Settings.builder().put(ShieldNettyTransport.SSL_SETTING.getKey(), true).build();
-        ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class),
+        Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
+        SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class),
                 mock(NetworkService.class), mock(BigArrays.class), null, serverSSLService, clientSSLService,
                 mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class));
         NettyMockUtil.setOpenChannelsHandlerToMock(transport);
         ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client",
-                Settings.builder().put(ShieldNettyTransport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build());
+                Settings.builder().put(SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build());
         assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
         assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(true));
     }
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SslHostnameVerificationTests.java
similarity index 86%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SslHostnameVerificationTests.java
index 26e9a353a22..ebf874d37f9 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SslHostnameVerificationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.netty;
+package org.elasticsearch.xpack.security.transport.netty;
 
 import org.elasticsearch.client.Client;
 import org.elasticsearch.client.transport.NoNodeAvailableException;
@@ -11,8 +11,8 @@ import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.xpack.XPackPlugin;
 
@@ -25,7 +25,7 @@ import static org.hamcrest.CoreMatchers.instanceOf;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.Matchers.containsString;
 
-public class SslHostnameVerificationTests extends ShieldIntegTestCase {
+public class SslHostnameVerificationTests extends SecurityIntegTestCase {
 
     @Override
     protected boolean sslTransportEnabled() {
@@ -47,7 +47,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase {
              * This keystore uses a cert without any subject alternative names and a CN of "Elasticsearch Test Node No SAN"
              * that will not resolve to a DNS name and will always cause hostname verification failures
              */
-            keystore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks");
+            keystore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-no-subjaltname.jks");
             assert keystore != null;
             assertThat(Files.exists(keystore), is(true));
         } catch (Exception e) {
@@ -59,13 +59,13 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase {
                 .put("xpack.security.ssl.truststore.path", keystore.toAbsolutePath())
                 .put("xpack.security.ssl.truststore.password", "testnode-no-subjaltname")
                 // disable hostname verification as this test uses non-localhost addresses
-                .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
+                .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
                 .build();
     }
 
     @Override
     protected Settings transportClientSettings() {
-        Path keystore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks");
+        Path keystore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-no-subjaltname.jks");
         assert keystore != null;
         Settings settings = super.transportClientSettings();
         // remove all ssl settings
@@ -77,7 +77,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase {
             }
         }
 
-        builder.put(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
+        builder.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
                 .put("xpack.security.ssl.keystore.path", keystore.toAbsolutePath()) // settings for client keystore
                 .put("xpack.security.ssl.keystore.password", "testnode-no-subjaltname");
 
@@ -96,7 +96,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase {
         InetSocketAddress inetSocketAddress = ((InetSocketTransportAddress) transportAddress).address();
 
         Settings settings = Settings.builder().put(transportClientSettings())
-                .put(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
                 .build();
 
         try (TransportClient client = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java
similarity index 79%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java
index 1948175177d..ccdfa853aa0 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.ssl;
+package org.elasticsearch.xpack.security.transport.ssl;
 
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.conn.ssl.SSLContexts;
@@ -15,12 +15,12 @@ import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.elasticsearch.transport.Transport;
@@ -31,19 +31,19 @@ import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-import static org.elasticsearch.test.ShieldSettingsSource.getSSLSettingsForStore;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
 import static org.hamcrest.Matchers.containsString;
 
-public class SslClientAuthTests extends ShieldIntegTestCase {
+public class SslClientAuthTests extends SecurityIntegTestCase {
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
         return Settings.builder()
                 .put(super.nodeSettings(nodeOrdinal))
                 // invert the require auth settings
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), true)
                 .put("transport.profiles.default.xpack.security.ssl.client.auth", false)
                 .put(NetworkModule.HTTP_ENABLED.getKey(), true)
                 .build();
@@ -75,7 +75,7 @@ public class SslClientAuthTests extends ShieldIntegTestCase {
 
     public void testThatHttpWorksWithSslClientAuth() throws IOException {
         Settings settings = Settings.builder()
-                .put(getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks", "testclient"))
+                .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient"))
                 .build();
         ClientSSLService sslService = new ClientSSLService(settings, new Global(settings));
 
@@ -96,14 +96,14 @@ public class SslClientAuthTests extends ShieldIntegTestCase {
 
     public void testThatTransportWorksWithoutSslClientAuth() throws Exception {
         // specify an arbitrary keystore, that does not include the certs needed to connect to the transport protocol
-        Path store = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks");
+        Path store = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks");
 
         if (Files.notExists(store)) {
             throw new ElasticsearchException("store path doesn't exist");
         }
 
         Settings settings = Settings.builder()
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .put("xpack.security.ssl.keystore.path", store)
                 .put("xpack.security.ssl.keystore.password", "testclient-client-profile")
                 .put("cluster.name", internalCluster().getClusterName())
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java
index 351897b35f5..184becaaf1b 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.ssl;
+package org.elasticsearch.xpack.security.transport.ssl;
 
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
@@ -22,10 +22,10 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.ssl.ClientSSLService;
-import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.ssl.ClientSSLService;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.xpack.XPackPlugin;
 
@@ -38,17 +38,17 @@ import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.util.Locale;
 
-import static org.elasticsearch.test.ShieldSettingsSource.getSSLSettingsForStore;
+import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.instanceOf;
 
-public class SslIntegrationTests extends ShieldIntegTestCase {
+public class SslIntegrationTests extends SecurityIntegTestCase {
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
         return Settings.builder().put(super.nodeSettings(nodeOrdinal))
                 .put(NetworkModule.HTTP_ENABLED.getKey(), true)
-                .put(ShieldNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
+                .put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
     }
 
     @Override
@@ -96,7 +96,7 @@ public class SslIntegrationTests extends ShieldIntegTestCase {
 
     public void testThatConnectionToHTTPWorks() throws Exception {
         Settings settings = Settings.builder()
-                .put(getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks", "testclient"))
+                .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient"))
                 .build();
         ClientSSLService service = new ClientSSLService(settings, new Global(settings));
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslMultiPortTests.java
similarity index 91%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslMultiPortTests.java
index 7137b9598b1..658316d98de 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslMultiPortTests.java
@@ -3,16 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.transport.ssl;
+package org.elasticsearch.xpack.security.transport.ssl;
 
 import org.elasticsearch.client.transport.NoNodeAvailableException;
 import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.junit.BeforeClass;
@@ -22,13 +22,13 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.Map.Entry;
 
-import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD;
-import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME;
-import static org.elasticsearch.test.ShieldSettingsSource.getSSLSettingsForStore;
+import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_PASSWORD;
+import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_USER_NAME;
+import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.Matchers.containsString;
 
-public class SslMultiPortTests extends ShieldIntegTestCase {
+public class SslMultiPortTests extends SecurityIntegTestCase {
 
     private static int randomClientPort;
     private static int randomNonSslPort;
@@ -58,7 +58,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
 
         Path store;
         try {
-            store = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.jks");
+            store = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks");
             assertThat(Files.exists(store), is(true));
         } catch (Exception e) {
             throw new RuntimeException(e);
@@ -170,8 +170,8 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
      * set to trust the testclient-client-profile certificate so the connection should always succeed
      */
     public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception {
-        Settings settings = getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks",
-                "testclient-client-profile");
+        Settings settings = getSSLSettingsForStore(
+                "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
         try (TransportClient transportClient = createTransportClient(settings)) {
             transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client")));
             assertGreenClusterState(transportClient);
@@ -185,8 +185,8 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
      * authentication
      */
     public void testThatProfileTransportClientCanConnectToNoClientAuthProfile() throws Exception {
-        Settings settings = getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks",
-                "testclient-client-profile");
+        Settings settings = getSSLSettingsForStore(
+                "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
         try (TransportClient transportClient = createTransportClient(settings)) {
             transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(),
                     getProfilePort("no_client_auth")));
@@ -201,8 +201,8 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
      * so the connection should always fail
      */
     public void testThatProfileTransportClientCannotConnectToDefaultProfile() throws Exception {
-        Settings settings = getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks",
-                "testclient-client-profile");
+        Settings settings = getSSLSettingsForStore(
+                "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
         try (TransportClient transportClient = createTransportClient(settings)) {
             TransportAddress transportAddress = randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses());
             transportClient.addTransportAddress(transportAddress);
@@ -219,8 +219,8 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
      * use SSL so the connection will never work
      */
     public void testThatProfileTransportClientCannotConnectToNoSslProfile() throws Exception {
-        Settings settings = getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks",
-                "testclient-client-profile");
+        Settings settings = getSSLSettingsForStore(
+                "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
         try (TransportClient transportClient = createTransportClient(settings)) {
             transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl")));
             transportClient.admin().cluster().prepareHealth().get();
@@ -236,7 +236,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
     public void testThatTransportClientCanConnectToNoSslProfile() throws Exception {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), false)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), false)
                 .put("cluster.name", internalCluster().getClusterName())
                 .build();
         try (TransportClient transportClient = TransportClient.builder().settings(settings).addPlugin(XPackPlugin.class).build()) {
@@ -309,9 +309,9 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .put("xpack.security.ssl.truststore.path",
-                        getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
                 .put("xpack.security.ssl.truststore.password", "truststore-testnode-only")
                 .build();
         try (TransportClient transportClient = TransportClient.builder().settings(settings).addPlugin(XPackPlugin.class).build()) {
@@ -331,9 +331,9 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .put("xpack.security.ssl.truststore.path",
-                        getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
                 .put("xpack.security.ssl.truststore.password", "truststore-testnode-only")
                 .build();
         try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
@@ -355,9 +355,9 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .put("xpack.security.ssl.truststore.path",
-                        getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
                 .put("xpack.security.ssl.truststore.password", "truststore-testnode-only")
                 .build();
         try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
@@ -378,9 +378,9 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .put("xpack.security.ssl.truststore.path",
-                        getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
+                        getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
                 .put("xpack.security.ssl.truststore.password", "truststore-testnode-only")
                 .build();
         try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
@@ -401,7 +401,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .build();
         try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
             transportClient.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()));
@@ -421,7 +421,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .build();
         try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
             transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client")));
@@ -441,7 +441,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .build();
         try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
             transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(),
@@ -462,7 +462,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
         Settings settings = Settings.builder()
                 .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
                 .put("cluster.name", internalCluster().getClusterName())
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .build();
         try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
             transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl")));
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/AnonymousUserIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java
similarity index 93%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/AnonymousUserIntegTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java
index db701be1b1f..2458033d328 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/AnonymousUserIntegTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
@@ -15,8 +15,8 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
+import org.elasticsearch.test.SecurityIntegTestCase;
 
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
@@ -28,7 +28,7 @@ import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
 
-public class AnonymousUserIntegTests extends ShieldIntegTestCase {
+public class AnonymousUserIntegTests extends SecurityIntegTestCase {
     private boolean authorizationExceptionsEnabled = randomBoolean();
 
     @Override
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/AnonymousUserTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserTests.java
similarity index 98%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/AnonymousUserTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserTests.java
index 84d2a608d3e..837e195e6f8 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/AnonymousUserTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
 import org.elasticsearch.common.io.stream.ByteBufferStreamInput;
 import org.elasticsearch.common.io.stream.BytesStreamOutput;
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/SystemUserTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/SystemUserTests.java
similarity index 95%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/SystemUserTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/SystemUserTests.java
index 27500bdd149..bdd5660789f 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/SystemUserTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/SystemUserTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
 import org.elasticsearch.test.ESTestCase;
 
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/UserTests.java
similarity index 99%
rename from elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java
rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/UserTests.java
index 24eee718dbe..c2c5448f42b 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/UserTests.java
@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.user;
+package org.elasticsearch.xpack.security.user;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.Strings;
diff --git a/elasticsearch/x-pack/shield/src/test/resources/log4j.properties b/elasticsearch/x-pack/security/src/test/resources/log4j.properties
similarity index 87%
rename from elasticsearch/x-pack/shield/src/test/resources/log4j.properties
rename to elasticsearch/x-pack/security/src/test/resources/log4j.properties
index 40c6d476edb..0075e168728 100644
--- a/elasticsearch/x-pack/shield/src/test/resources/log4j.properties
+++ b/elasticsearch/x-pack/security/src/test/resources/log4j.properties
@@ -8,7 +8,7 @@ log4j.appender.out=org.apache.log4j.ConsoleAppender
 log4j.appender.out.layout=org.apache.log4j.PatternLayout
 log4j.appender.out.layout.conversionPattern=[%d{ISO8601}][%-5p][%-25c] %m%n
 
-log4j.logger.shield.audit.logfile=${es.logger.level}, access_log
+log4j.logger.xpack.security.audit.logfile=${es.logger.level}, access_log
 
 log4j.appender.access_log=org.apache.log4j.ConsoleAppender
 log4j.appender.access_log.layout=org.apache.log4j.PatternLayout
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/transport/actions
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/transport/actions
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/transport/handlers
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/transport/handlers
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/activedirectory/ad-schema.ldif b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/activedirectory/ad-schema.ldif
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/activedirectory/ad-schema.ldif
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/activedirectory/ad-schema.ldif
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/activedirectory/ad.ldif b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/activedirectory/ad.ldif
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/activedirectory/ad.ldif
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/activedirectory/ad.ldif
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/activedirectory/role_mapping.yml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/activedirectory/role_mapping.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/activedirectory/role_mapping.yml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/activedirectory/role_mapping.yml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/file/users b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/file/users
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/file/users
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/file/users
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/file/users_roles b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/file/users_roles
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/file/users_roles
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/file/users_roles
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldapWithGroupSearch.yaml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ldapWithGroupSearch.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldapWithGroupSearch.yaml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ldapWithGroupSearch.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldapWithRoleMapping.yaml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ldapWithRoleMapping.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldapWithRoleMapping.yaml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ldapWithRoleMapping.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ldaptrust.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ldaptrust.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/seven-seas.ldif b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/seven-seas.ldif
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/seven-seas.ldif
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/seven-seas.ldif
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/pki/role_mapping.yml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/pki/role_mapping.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/pki/role_mapping.yml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/pki/role_mapping.yml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/support/role_mapping.yml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/support/role_mapping.yml
similarity index 94%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/support/role_mapping.yml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/support/role_mapping.yml
index 04db9c5a41d..51807aadab6 100644
--- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/support/role_mapping.yml
+++ b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authc/support/role_mapping.yml
@@ -1,4 +1,4 @@
-shield:
+security:
   - "cn=avengers,ou=marvel,o=superheros"
   - "cn=shield,ou=marvel,o=superheros"
 avenger:
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authz/store/default_roles.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authz/store/default_roles.yml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/invalid_roles.yml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authz/store/invalid_roles.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/invalid_roles.yml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authz/store/invalid_roles.yml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authz/store/reserved_roles.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authz/store/reserved_roles.yml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/roles.yml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authz/store/roles.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/roles.yml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/authz/store/roles.yml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/plugin/roles.yml b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/plugin/roles.yml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/plugin/roles.yml
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/plugin/roles.yml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/plugin/users b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/plugin/users
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/plugin/users
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/plugin/users
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/plugin/users_roles b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/plugin/users_roles
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/plugin/users_roles
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/plugin/users_roles
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/README.asciidoc b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/README.asciidoc
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/README.asciidoc
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/README.asciidoc
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/active-directory-ca.crt
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/active-directory-ca.crt
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.crt b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/openldap.crt
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.crt
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/openldap.crt
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.der b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/openldap.der
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.der
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/openldap.der
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/openssl_config.cnf b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/openssl_config.cnf
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/openssl_config.cnf
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/openssl_config.cnf
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.crt b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.crt
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.crt
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.crt
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.p12 b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.p12
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.p12
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.p12
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.pem b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.pem
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.pem
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient-client-profile.pem
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.p12 b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.p12
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.p12
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.p12
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.pem b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.pem
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.pem
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.pem
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.crt b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.crt
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.crt
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.crt
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.p12 b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.p12
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.p12
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.p12
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.pem b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.pem
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.pem
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.pem
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-different-passwords.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-different-passwords.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-different-passwords.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-different-passwords.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-ip-only.crt b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-ip-only.crt
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-ip-only.crt
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-ip-only.crt
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-ip-only.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-ip-only.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-ip-only.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-ip-only.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.cert b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-no-subjaltname.cert
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.cert
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-no-subjaltname.cert
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-no-subjaltname.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-no-subjaltname.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.p12 b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.p12
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.p12
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.p12
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem
diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks
rename to elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.change_password.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.change_password.json
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.change_password.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.change_password.json
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json
similarity index 88%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json
index afb0ea086b0..63fe1612a73 100644
--- a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json
+++ b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json
@@ -1,6 +1,6 @@
 {
   "xpack.security.delete_role": {
-    "documentation": "Remove a role from the native shield realm",
+    "documentation": "Remove a role from the native realm",
     "methods": [ "DELETE" ],
     "url": {
       "path": "/_xpack/security/role/{name}",
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json
similarity index 88%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json
index e021ff0a286..144b40d83fa 100644
--- a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json
+++ b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json
@@ -1,6 +1,6 @@
 {
   "xpack.security.delete_user": {
-    "documentation": "Remove a user from the native shield realm",
+    "documentation": "Remove a user from the native realm",
     "methods": [ "DELETE" ],
     "url": {
       "path": "/_xpack/security/user/{username}",
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.get_role.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.get_role.json
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.get_role.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.get_role.json
index 79664dd2609..89b2176fb2a 100644
--- a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.get_role.json
+++ b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.get_role.json
@@ -1,6 +1,6 @@
 {
   "xpack.security.get_role": {
-    "documentation": "Retrieve one or more roles from the native shield realm",
+    "documentation": "Retrieve one or more roles from the native realm",
     "methods": [ "GET" ],
     "url": {
       "path": "/_xpack/security/role/{name}",
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.get_user.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.get_user.json
similarity index 96%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.get_user.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.get_user.json
index 90ac12b9fad..98e6bef2784 100644
--- a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.get_user.json
+++ b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.get_user.json
@@ -1,6 +1,6 @@
 {
   "xpack.security.get_user": {
-    "documentation": "Retrieve one or more users from the native shield realm",
+    "documentation": "Retrieve one or more users from the native realm",
     "methods": [ "GET" ],
     "url": {
       "path": "/_xpack/security/user/{username}",
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.put_role.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.put_role.json
similarity index 88%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.put_role.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.put_role.json
index f69887c083b..137819f9a46 100644
--- a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.put_role.json
+++ b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.put_role.json
@@ -1,6 +1,6 @@
 {
   "xpack.security.put_role": {
-    "documentation": "Update or create a role for the native shield realm",
+    "documentation": "Update or create a role for the native realm",
     "methods": [ "PUT", "POST" ],
     "url": {
       "path": "/_xpack/security/role/{name}",
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.put_user.json b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.put_user.json
similarity index 89%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.put_user.json
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.put_user.json
index e79123db9d0..8e0b6a14ad6 100644
--- a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/api/xpack.security.put_user.json
+++ b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/api/xpack.security.put_user.json
@@ -1,6 +1,6 @@
 {
   "xpack.security.put_user": {
-    "documentation": "Update or create a user for the native shield realm",
+    "documentation": "Update or create a user for the native realm",
     "methods": [ "PUT", "POST" ],
     "url": {
       "path": "/_xpack/security/user/{username}",
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/authenticate/10_basic.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/authenticate/10_basic.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/authenticate/10_basic.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/authenticate/10_basic.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/change_password/10_basic.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/change_password/10_basic.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/change_password/10_basic.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/change_password/10_basic.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/roles/10_basic.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/roles/10_basic.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/roles/20_get_missing.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/20_get_missing.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/roles/20_get_missing.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/20_get_missing.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/users/10_basic.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/10_basic.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/users/10_basic.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/10_basic.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/users/16_update_user.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/16_update_user.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/users/16_update_user.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/16_update_user.yaml
diff --git a/elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/users/20_get_missing.yaml b/elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/20_get_missing.yaml
similarity index 100%
rename from elasticsearch/x-pack/shield/src/test/resources/rest-api-spec/test/users/20_get_missing.yaml
rename to elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/20_get_missing.yaml
diff --git a/elasticsearch/x-pack/shield/test-signatures.txt b/elasticsearch/x-pack/security/test-signatures.txt
similarity index 100%
rename from elasticsearch/x-pack/shield/test-signatures.txt
rename to elasticsearch/x-pack/security/test-signatures.txt
diff --git a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/role_mapping.yml b/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/role_mapping.yml
deleted file mode 100644
index 2dade9023d6..00000000000
--- a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/role_mapping.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-admin:
-   - "CN=SHIELD,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com"
-   - "cn=SHIELD,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"
diff --git a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/roles.yml b/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/roles.yml
deleted file mode 100644
index ba085a30932..00000000000
--- a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/roles.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-admin:
-  cluster: all
-  indices:
-    '*': all
-
-power_user:
-  cluster: monitor
-  indices:
-    '*': all
-
-user:
-  indices:
-    '*': read
diff --git a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/system_key b/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/system_key
deleted file mode 100644
index e606d9e8c8a..00000000000
--- a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/system_key
+++ /dev/null
@@ -1 +0,0 @@
-*43QåÆ]Ûùð/÷ô�
>eû.²¾g^lçH¶ûgu«•±Ê ’O/Gaoƒ˜	Ⱥâ•rr³
ø´èk_ËÐ2û*¹–©m•?>Æд,”]‡�ÆUž’¤å¦p¶I婳ò¼£¸sOYwu†¹äŸK’•¨°‘+_¹0
\ No newline at end of file
diff --git a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/users b/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/users
deleted file mode 100644
index 785313aa101..00000000000
--- a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/users
+++ /dev/null
@@ -1,5 +0,0 @@
-admin-bcrypt:$2a$10$5uCJHPn3p0ZPQp6rIIgcDO0VZ3urZZmA.egHiy/WknxIkAyZXPGpy
-admin-plain:{plain}changeme
-admin-sha:{SHA}+pvrmeQCmtWmYVOZ57uuITVghrM=
-admin-apr:$apr1$fCQ4kkwA$ETvNx37ooOcdau5a61S/s.
-admin-sha2:$5$mw0LEbLr$s57Rbo0wfH8Z690Dc0..VgC1qn/a5h73bbpt8kql8B4
diff --git a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/users_roles b/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/users_roles
deleted file mode 100644
index cf9ed6a2f86..00000000000
--- a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvm-shield-config/users_roles
+++ /dev/null
@@ -1 +0,0 @@
-admin:admin-bcrypt,admin-sha,admin-plain,admin-apr,admin-sha2
diff --git a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvmrc b/elasticsearch/x-pack/shield/dev-tools/esvm/.esvmrc
deleted file mode 100644
index cdead6d9d28..00000000000
--- a/elasticsearch/x-pack/shield/dev-tools/esvm/.esvmrc
+++ /dev/null
@@ -1,88 +0,0 @@
-{
-  "defaults": {
-    "plugins": [
-      "lmenezes/elasticsearch-kopf",
-      "elasticsearch/license/latest",
-      "elasticsearch/marvel/latest",
-      { "name": "shield", "path" : "file:../../target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" }
-    ],
-    "config" : {
-      "cluster.name": "shield",
-      "indices.store.throttle.max_bytes_per_sec": "100mb",
-      "discovery": {
-        "type": "zen",
-        "zen.ping" : {
-          "unicast.hosts": [ "127.0.0.1:9300", "127.0.0.1:9301" ]
-        }
-      },
-      "network": {
-        "bind_host": "127.0.0.1",
-        "publish_host": "127.0.0.1"
-      },
-      "xpack.monitoring.agent.exporters.es.hosts": [ "https://admin-plain:changeme@127.0.0.1:9200"],
-      "xpack.monitoring.agent.exporters.es.ssl.truststore.path": "../../src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
-      "xpack.monitoring.agent.exporters.es.ssl.truststore.password": "testnode",
-      "http.cors": {
-        "enabled": true,
-        "allow-origin": "/http:\/\/www.elasticsearch.(org|com)/"
-      },
-      "shield": {
-        "enabled": true,
-        "system_key.file": ".esvm-shield-config/system_key",
-        "audit.enabled": true,
-        "transport.ssl": true,
-        "http.ssl": true,
-        "ssl.hostname_verification": true,
-        "ssl.keystore": {
-          "path": "../../src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
-          "password": "testnode"
-        },
-        "authc.realms" : {
-          "esusers": {
-            "type" : "esusers",
-            "order" : 0,
-            "files" : {
-              "users" : ".esvm-shield-config/users",
-              "users_roles" : ".esvm-shield-config/users_roles"
-            }
-          }
-        },
-        "authz.store.files.roles" : ".esvm-shield-config/roles.yml"
-      }
-    }
-  },
-  "clusters": {
-    "shield": {
-      "version": "1.4"
-    },
-    "oldap": {
-      "version": "1.4",
-      "config": {
-        "shield.authc.realms.oldap": {
-          "type": "ldap",
-          "order": 1,
-          "url": "ldaps://54.200.235.244:636",
-          "user_dn_templates": ["uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"],
-          "group_search.base_dn": "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com",
-          "unmapped_groups_as_roles": false,
-          "hostname_verification": false,
-          "files.role_mapping": ".esvm-shield-config/role_mapping.yml"
-        }
-      }
-    },
-    "ad": {
-      "version": "1.4",
-      "config": {
-        "shield.authc.realms.ad": {
-          "type": "active_directory",
-          "order": 1,
-          "domain_name": "ad.test.elasticsearch.com",
-          "url": "ldaps://ad.test.elasticsearch.com:636",
-          "unmapped_groups_as_roles": false,
-          "hostname_verification": false,
-          "files.role_mapping": ".esvm-shield-config/role_mapping.yml"
-        }
-      }
-    }
-  }
-}
diff --git a/elasticsearch/x-pack/shield/dev-tools/esvm/readme.txt b/elasticsearch/x-pack/shield/dev-tools/esvm/readme.txt
deleted file mode 100644
index 12f95891899..00000000000
--- a/elasticsearch/x-pack/shield/dev-tools/esvm/readme.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-Running ESVM with Shield
-
-Upgrade/Install:
-npm install esvm -g
-
-Running:
-1) cd to elasticsearch-shield/dev-tools/esvm
-2) run esvm
-a) For native users
-esvm
-b) For openldap users
-esvm oldap
-c) For active directory users
-esvm ad
-
-Users and roles are stored in .esvm-shield-config
-
-Troubleshooting:
-- elasticsearch is installed under ~/.esvm/<version>
-- turn on debug in ~/.esvm/1.4.1/config/logging.yml
-- esvm --fresh will reinstall ES
-- plugins will not re-install, you can remove them manually by ~/.esvm/1.4.1/bin/elasticsearch-plugin remove shield
-- errors during startup will not show up.  If esvm fails startup look in ~/.esvm/1.4.1/logs/*
-
-
-
diff --git a/elasticsearch/x-pack/shield/dev-tools/randomization.yml b/elasticsearch/x-pack/shield/dev-tools/randomization.yml
deleted file mode 100644
index 92ae2edf766..00000000000
--- a/elasticsearch/x-pack/shield/dev-tools/randomization.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-randomization:
-  elasticsearch:
-    es150:
-      version: 1.5.0
-      branch: tags/v1.5.0
-      lucene.version: 4.10.4
-    es151:
-      version: 1.5.1
-      branch: tags/v1.5.1
-      lucene.version: 4.10.4
-    es152:
-      version: 1.5.2
-      branch: tags/v1.5.2
-      lucene.version: 4.10.4
-    es153:
-      version: 1.5.3-SNAPSHOT
-      branch: origin/1.5
-      lucene.version: 4.10.4
-    es160:
-      version: 1.6.0-SNAPSHOT
-      branch: origin/1.x
-      lucene.version: 4.10.4
diff --git a/elasticsearch/x-pack/shield/src/test/resources/logstash-shield.conf b/elasticsearch/x-pack/shield/src/test/resources/logstash-shield.conf
deleted file mode 100644
index ef241289adb..00000000000
--- a/elasticsearch/x-pack/shield/src/test/resources/logstash-shield.conf
+++ /dev/null
@@ -1,82 +0,0 @@
-##############
-## Logstash configuration for shield load testing
-##
-## This configuration makes performance testing against SHIELD a lot easier
-## The generator input creates 1000000 very small documents
-## The elasticsearch outputs (you should choose only one!) then can be configured to use
-## one of the configured setups (shield enabled/disabled, ssl enabled/disabled, HTTP or transport)
-## to find out, what kind of overhead the plugin has
-##
-## Note: Please make sure you are using a logstash instance, that supports shield (as of 10-2014, this resided in its own branch)
-##
-#############
-## Running the tests
-## 1. Start an elasticsearch cluster using esvm (this one only starts one node): esvm shield -n 1
-## 2. Start logstash against it: ../logstash-output-es-shield/build/tarball/logstash-1.4.2/bin/logstash -p ~/.esvm/1.4.0.Beta1/plugins/ agent -f src/test/resources/logstash-shield.conf
-#############
-
-input {
-  generator {
-    count => 1000000
-  }
-}
-
-output {
-
-  ##########
-  ## HTTP
-  ##########
-
-  # Use this when shield is disabled
-#  elasticsearch {
-#    protocol => 'http'
-#  }
-
-  # Shield enabled, SSL disabled
-  elasticsearch {
-    protocol => 'http'
-    # can be one of admin-plain, admin-bcrypt, admin-sha, admin-apr, admin-sha2
-    user => 'admin-plain'
-    password => 'changeme'
-  }
-
-  # Shield enabled, SSL enabled
-#  elasticsearch {
-#    protocol => 'http'
-#    user => 'admin'
-#    password => 'changeme'
-#    ssl => 'true'
-#    ssl_verify => false
-#  }
-
-
-
-  ##########
-  ## Transport Client
-  ##########
-
-  # Use this when shield is disabled
-#  elasticsearch {
-#    protocol => 'transport'
-#  }
-
-  # Shield enabled, SSL disabled
-#  elasticsearch {
-#    protocol => 'transport'
-#    user => 'admin'
-#    password => 'changeme'
-#  }
-
-  # Shield enabled, SSL enabled
-#  elasticsearch {
-#    protocol => 'transport'
-#    user => 'admin'
-#    password => 'changeme'
-#    ssl => 'true'
-#    keystore => 'src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks'
-#    keystore_password => 'testclient'
-#    truststore => 'src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks'
-#    truststore_password => 'testclient'
-#  }
-}
-
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackClient.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackClient.java
index 2625b0b4291..4f54624f516 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackClient.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackClient.java
@@ -9,8 +9,8 @@ import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.license.plugin.LicensingClient;
 import org.elasticsearch.marvel.client.MonitoringClient;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.client.SecurityClient;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.client.SecurityClient;
 import org.elasticsearch.xpack.watcher.client.WatcherClient;
 import org.elasticsearch.xpack.action.XPackInfoAction;
 import org.elasticsearch.xpack.action.XPackInfoRequest;
@@ -20,8 +20,8 @@ import org.elasticsearch.xpack.action.XPackInfoResponse;
 import java.util.Collections;
 import java.util.Map;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 /**
  *
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
index 3c8909fb110..968df5ddd7c 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
@@ -26,8 +26,8 @@ import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.plugins.ScriptPlugin;
 import org.elasticsearch.script.ScriptContext;
 import org.elasticsearch.script.ScriptModule;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.AuthenticationModule;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.AuthenticationModule;
 import org.elasticsearch.threadpool.ExecutorBuilder;
 import org.elasticsearch.xpack.action.TransportXPackInfoAction;
 import org.elasticsearch.xpack.action.TransportXPackUsageAction;
@@ -84,7 +84,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin {
                     return null;
                 }
             });
-            // TODO: fix gradle to add all shield resources (plugin metadata) to test classpath
+            // TODO: fix gradle to add all security resources (plugin metadata) to test classpath
             // of watcher plugin, which depends on it directly. This prevents these plugins
             // from being initialized correctly by the test framework, and means we have to
             // have this leniency.
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/ScriptServiceProxy.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/ScriptServiceProxy.java
index d8aaa66e818..acd4b8939d7 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/ScriptServiceProxy.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/ScriptServiceProxy.java
@@ -11,8 +11,8 @@ import org.elasticsearch.script.CompiledScript;
 import org.elasticsearch.script.ExecutableScript;
 import org.elasticsearch.script.ScriptContext;
 import org.elasticsearch.script.ScriptService;
-import org.elasticsearch.shield.SecurityContext;
-import org.elasticsearch.shield.user.XPackUser;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.user.XPackUser;
 import org.elasticsearch.xpack.watcher.support.Script;
 
 import java.util.Map;
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java
index 3c92ec6c7f3..7ea26a7ba57 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java
@@ -50,24 +50,24 @@ public class HttpClient extends AbstractLifecycleComponent<HttpClient> {
 
     static final String SETTINGS_SSL_PREFIX = "xpack.http.ssl.";
     static final String SETTINGS_PROXY_PREFIX = "xpack.http.proxy.";
-    static final String SETTINGS_SSL_SHIELD_PREFIX = "xpack.security.ssl.";
+    static final String SETTINGS_SSL_SECURITY_PREFIX = "xpack.security.ssl.";
 
     public static final String SETTINGS_SSL_PROTOCOL = SETTINGS_SSL_PREFIX + "protocol";
-    static final String SETTINGS_SSL_SHIELD_PROTOCOL = SETTINGS_SSL_SHIELD_PREFIX + "protocol";
+    static final String SETTINGS_SSL_SECURITY_PROTOCOL = SETTINGS_SSL_SECURITY_PREFIX + "protocol";
     public static final String SETTINGS_SSL_KEYSTORE = SETTINGS_SSL_PREFIX + "keystore.path";
-    static final String SETTINGS_SSL_SHIELD_KEYSTORE = SETTINGS_SSL_SHIELD_PREFIX + "keystore.path";
+    static final String SETTINGS_SSL_SECURITY_KEYSTORE = SETTINGS_SSL_SECURITY_PREFIX + "keystore.path";
     public static final String SETTINGS_SSL_KEYSTORE_PASSWORD = SETTINGS_SSL_PREFIX + "keystore.password";
-    static final String SETTINGS_SSL_SHIELD_KEYSTORE_PASSWORD = SETTINGS_SSL_SHIELD_PREFIX + "keystore.password";
+    static final String SETTINGS_SSL_SECURITY_KEYSTORE_PASSWORD = SETTINGS_SSL_SECURITY_PREFIX + "keystore.password";
     public static final String SETTINGS_SSL_KEYSTORE_KEY_PASSWORD = SETTINGS_SSL_PREFIX + "keystore.key_password";
-    static final String SETTINGS_SSL_SHIELD_KEYSTORE_KEY_PASSWORD = SETTINGS_SSL_SHIELD_PREFIX + "keystore.key_password";
+    static final String SETTINGS_SSL_SECURITY_KEYSTORE_KEY_PASSWORD = SETTINGS_SSL_SECURITY_PREFIX + "keystore.key_password";
     public static final String SETTINGS_SSL_KEYSTORE_ALGORITHM = SETTINGS_SSL_PREFIX + "keystore.algorithm";
-    static final String SETTINGS_SSL_SHIELD_KEYSTORE_ALGORITHM = SETTINGS_SSL_SHIELD_PREFIX + "keystore.algorithm";
+    static final String SETTINGS_SSL_SECURITY_KEYSTORE_ALGORITHM = SETTINGS_SSL_SECURITY_PREFIX + "keystore.algorithm";
     public static final String SETTINGS_SSL_TRUSTSTORE = SETTINGS_SSL_PREFIX + "truststore.path";
-    static final String SETTINGS_SSL_SHIELD_TRUSTSTORE = SETTINGS_SSL_SHIELD_PREFIX + "truststore.path";
+    static final String SETTINGS_SSL_SECURITY_TRUSTSTORE = SETTINGS_SSL_SECURITY_PREFIX + "truststore.path";
     public static final String SETTINGS_SSL_TRUSTSTORE_PASSWORD = SETTINGS_SSL_PREFIX + "truststore.password";
-    static final String SETTINGS_SSL_SHIELD_TRUSTSTORE_PASSWORD = SETTINGS_SSL_SHIELD_PREFIX + "truststore.password";
+    static final String SETTINGS_SSL_SECURITY_TRUSTSTORE_PASSWORD = SETTINGS_SSL_SECURITY_PREFIX + "truststore.password";
     public static final String SETTINGS_SSL_TRUSTSTORE_ALGORITHM = SETTINGS_SSL_PREFIX + "truststore.algorithm";
-    static final String SETTINGS_SSL_SHIELD_TRUSTSTORE_ALGORITHM = SETTINGS_SSL_SHIELD_PREFIX + "truststore.algorithm";
+    static final String SETTINGS_SSL_SECURITY_TRUSTSTORE_ALGORITHM = SETTINGS_SSL_SECURITY_PREFIX + "truststore.algorithm";
     public static final String SETTINGS_PROXY_HOST = SETTINGS_PROXY_PREFIX + "host";
     public static final String SETTINGS_PROXY_PORT = SETTINGS_PROXY_PREFIX + "post";
 
@@ -102,7 +102,7 @@ public class HttpClient extends AbstractLifecycleComponent<HttpClient> {
         }
 
         if (!settings.getByPrefix(SETTINGS_SSL_PREFIX).getAsMap().isEmpty() ||
-                !settings.getByPrefix(SETTINGS_SSL_SHIELD_PREFIX).getAsMap().isEmpty()) {
+                !settings.getByPrefix(SETTINGS_SSL_SECURITY_PREFIX).getAsMap().isEmpty()) {
             sslSocketFactory = createSSLSocketFactory(settings);
         } else {
             logger.trace("no ssl context configured");
@@ -228,21 +228,21 @@ public class HttpClient extends AbstractLifecycleComponent<HttpClient> {
     /** SSL Initialization **/
     private SSLSocketFactory createSSLSocketFactory(Settings settings) {
         try {
-            String sslContextProtocol = settings.get(SETTINGS_SSL_PROTOCOL, settings.get(SETTINGS_SSL_SHIELD_PROTOCOL, "TLS"));
-            String keyStore = settings.get(SETTINGS_SSL_KEYSTORE, settings.get(SETTINGS_SSL_SHIELD_KEYSTORE,
+            String sslContextProtocol = settings.get(SETTINGS_SSL_PROTOCOL, settings.get(SETTINGS_SSL_SECURITY_PROTOCOL, "TLS"));
+            String keyStore = settings.get(SETTINGS_SSL_KEYSTORE, settings.get(SETTINGS_SSL_SECURITY_KEYSTORE,
                     System.getProperty("javax.net.ssl.keyStore")));
-            String keyStorePassword = settings.get(SETTINGS_SSL_KEYSTORE_PASSWORD, settings.get(SETTINGS_SSL_SHIELD_KEYSTORE_PASSWORD,
+            String keyStorePassword = settings.get(SETTINGS_SSL_KEYSTORE_PASSWORD, settings.get(SETTINGS_SSL_SECURITY_KEYSTORE_PASSWORD,
                     System.getProperty("javax.net.ssl.keyStorePassword")));
-            String keyPassword = settings.get(SETTINGS_SSL_KEYSTORE_KEY_PASSWORD, settings.get(SETTINGS_SSL_SHIELD_KEYSTORE_KEY_PASSWORD,
+            String keyPassword = settings.get(SETTINGS_SSL_KEYSTORE_KEY_PASSWORD, settings.get(SETTINGS_SSL_SECURITY_KEYSTORE_KEY_PASSWORD,
                     keyStorePassword));
-            String keyStoreAlgorithm = settings.get(SETTINGS_SSL_KEYSTORE_ALGORITHM, settings.get(SETTINGS_SSL_SHIELD_KEYSTORE_ALGORITHM,
+            String keyStoreAlgorithm = settings.get(SETTINGS_SSL_KEYSTORE_ALGORITHM, settings.get(SETTINGS_SSL_SECURITY_KEYSTORE_ALGORITHM,
                     System.getProperty("ssl.KeyManagerFactory.algorithm", KeyManagerFactory.getDefaultAlgorithm())));
-            String trustStore = settings.get(SETTINGS_SSL_TRUSTSTORE, settings.get(SETTINGS_SSL_SHIELD_TRUSTSTORE,
+            String trustStore = settings.get(SETTINGS_SSL_TRUSTSTORE, settings.get(SETTINGS_SSL_SECURITY_TRUSTSTORE,
                     System.getProperty("javax.net.ssl.trustStore")));
-            String trustStorePassword = settings.get(SETTINGS_SSL_TRUSTSTORE_PASSWORD, settings.get(SETTINGS_SSL_SHIELD_TRUSTSTORE_PASSWORD,
-                    System.getProperty("javax.net.ssl.trustStorePassword")));
+            String trustStorePassword = settings.get(SETTINGS_SSL_TRUSTSTORE_PASSWORD,
+                    settings.get(SETTINGS_SSL_SECURITY_TRUSTSTORE_PASSWORD, System.getProperty("javax.net.ssl.trustStorePassword")));
             String trustStoreAlgorithm = settings.get(SETTINGS_SSL_TRUSTSTORE_ALGORITHM,
-                    settings.get(SETTINGS_SSL_SHIELD_TRUSTSTORE_ALGORITHM,
+                    settings.get(SETTINGS_SSL_SECURITY_TRUSTSTORE_ALGORITHM,
                             System.getProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm())));
 
             if (keyStore != null) {
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/init/proxy/ClientProxy.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/init/proxy/ClientProxy.java
index 8d722a552c9..012ebb86a6b 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/init/proxy/ClientProxy.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/init/proxy/ClientProxy.java
@@ -12,7 +12,7 @@ import org.elasticsearch.action.bulk.BulkResponse;
 import org.elasticsearch.client.AdminClient;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Injector;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.transport.TransportMessage;
 import org.elasticsearch.xpack.common.init.LazyInitializable;
 
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/secret/SecretModule.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/secret/SecretModule.java
index 763a6935ade..8723ec4186e 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/secret/SecretModule.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/secret/SecretModule.java
@@ -7,7 +7,7 @@ package org.elasticsearch.xpack.common.secret;
 
 import org.elasticsearch.common.inject.AbstractModule;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 
 /**
  *
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/secret/SecretService.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/secret/SecretService.java
index 1c2439008b7..a385030c3fb 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/secret/SecretService.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/secret/SecretService.java
@@ -8,7 +8,7 @@ package org.elasticsearch.xpack.common.secret;
 import org.elasticsearch.common.component.AbstractComponent;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.crypto.CryptoService;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
 
 /**
  *
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtension.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtension.java
index f1bf62a0b78..aa360f962c1 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtension.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtension.java
@@ -5,7 +5,7 @@
  */
 package org.elasticsearch.xpack.extensions;
 
-import org.elasticsearch.shield.authc.AuthenticationModule;
+import org.elasticsearch.xpack.security.authc.AuthenticationModule;
 
 
 /**
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java
index e682343838c..922b86e47de 100644
--- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java
@@ -12,7 +12,7 @@ import org.elasticsearch.common.io.FileSystemUtils;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.AuthenticationModule;
+import org.elasticsearch.xpack.security.authc.AuthenticationModule;
 
 import java.io.IOException;
 import java.net.URL;
diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/action/TransportXPackInfoActionTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/action/TransportXPackInfoActionTests.java
index 39582f72159..77318043924 100644
--- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/action/TransportXPackInfoActionTests.java
+++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/action/TransportXPackInfoActionTests.java
@@ -11,7 +11,7 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.license.core.License;
 import org.elasticsearch.license.plugin.core.LicensesService;
-import org.elasticsearch.shield.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java
index 521647e2bb6..f9e44e27573 100644
--- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java
+++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java
@@ -159,7 +159,7 @@ public class HttpClientTests extends ESTestCase {
     }
 
     public void testHttps() throws Exception {
-        Path resource = getDataPath("/org/elasticsearch/shield/keystore/truststore-testnode-only.jks");
+        Path resource = getDataPath("/org/elasticsearch/xpack/security/keystore/truststore-testnode-only.jks");
 
         Settings settings;
         if (randomBoolean()) {
@@ -169,15 +169,15 @@ public class HttpClientTests extends ESTestCase {
                     .build();
         } else {
             settings = Settings.builder()
-                    .put(HttpClient.SETTINGS_SSL_SHIELD_TRUSTSTORE, resource.toString())
-                    .put(HttpClient.SETTINGS_SSL_SHIELD_TRUSTSTORE_PASSWORD, "truststore-testnode-only")
+                    .put(HttpClient.SETTINGS_SSL_SECURITY_TRUSTSTORE, resource.toString())
+                    .put(HttpClient.SETTINGS_SSL_SECURITY_TRUSTSTORE_PASSWORD, "truststore-testnode-only")
                     .build();
         }
         HttpClient httpClient = new HttpClient(settings, authRegistry, environment).start();
 
         // We can't use the client created above for the server since it is only a truststore
         webServer.useHttps(new HttpClient(Settings.builder()
-                .put(HttpClient.SETTINGS_SSL_KEYSTORE, getDataPath("/org/elasticsearch/shield/keystore/testnode.jks"))
+                .put(HttpClient.SETTINGS_SSL_KEYSTORE, getDataPath("/org/elasticsearch/xpack/security/keystore/testnode.jks"))
                 .put(HttpClient.SETTINGS_SSL_KEYSTORE_PASSWORD, "testnode")
                 .build(), authRegistry, environment)
                 .start()
@@ -197,7 +197,7 @@ public class HttpClientTests extends ESTestCase {
     }
 
     public void testHttpsClientAuth() throws Exception {
-        Path resource = getDataPath("/org/elasticsearch/shield/keystore/testnode.jks");
+        Path resource = getDataPath("/org/elasticsearch/xpack/security/keystore/testnode.jks");
         Settings settings;
         if (randomBoolean()) {
             settings = Settings.builder()
@@ -206,8 +206,8 @@ public class HttpClientTests extends ESTestCase {
                     .build();
         } else {
             settings = Settings.builder()
-                    .put(HttpClient.SETTINGS_SSL_SHIELD_KEYSTORE, resource.toString())
-                    .put(HttpClient.SETTINGS_SSL_SHIELD_KEYSTORE_PASSWORD, "testnode")
+                    .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE, resource.toString())
+                    .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE_PASSWORD, "testnode")
                     .build();
         }
 
@@ -229,7 +229,7 @@ public class HttpClientTests extends ESTestCase {
 
     public void testHttpClientReadKeyWithDifferentPassword() throws Exception {
         // This truststore doesn't have a cert with a valid SAN so hostname verification will fail if used
-        Path resource = getDataPath("/org/elasticsearch/shield/keystore/testnode-different-passwords.jks");
+        Path resource = getDataPath("/org/elasticsearch/xpack/security/keystore/testnode-different-passwords.jks");
 
         Settings settings;
         final boolean watcherSettings = randomBoolean();
@@ -241,9 +241,9 @@ public class HttpClientTests extends ESTestCase {
                     .build();
         } else {
             settings = Settings.builder()
-                    .put(HttpClient.SETTINGS_SSL_SHIELD_KEYSTORE, resource.toString())
-                    .put(HttpClient.SETTINGS_SSL_SHIELD_KEYSTORE_PASSWORD, "testnode")
-                    .put(HttpClient.SETTINGS_SSL_SHIELD_KEYSTORE_KEY_PASSWORD, "testnode1")
+                    .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE, resource.toString())
+                    .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE_PASSWORD, "testnode")
+                    .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE_KEY_PASSWORD, "testnode1")
                     .build();
         }
 
@@ -254,7 +254,7 @@ public class HttpClientTests extends ESTestCase {
         if (watcherSettings) {
             badSettings.remove(HttpClient.SETTINGS_SSL_KEYSTORE_KEY_PASSWORD);
         } else {
-            badSettings.remove(HttpClient.SETTINGS_SSL_SHIELD_KEYSTORE_KEY_PASSWORD);
+            badSettings.remove(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE_KEY_PASSWORD);
         }
 
         try {
@@ -307,7 +307,7 @@ public class HttpClientTests extends ESTestCase {
     @Network
     public void testHttpsWithoutTruststoreAndSSLIntegrationActive() throws Exception {
         // Add some settings with  SSL prefix to force socket factory creation
-        String setting = (randomBoolean() ? HttpClient.SETTINGS_SSL_PREFIX : HttpClient.SETTINGS_SSL_SHIELD_PREFIX) +
+        String setting = (randomBoolean() ? HttpClient.SETTINGS_SSL_PREFIX : HttpClient.SETTINGS_SSL_SECURITY_PREFIX) +
                 "foo.bar";
         Settings settings = Settings.builder()
                 .put(setting, randomBoolean())
diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/EmailSecretsIntegrationTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/EmailSecretsIntegrationTests.java
index ca67ea0c78a..c5ba29a50e1 100644
--- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/EmailSecretsIntegrationTests.java
+++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/EmailSecretsIntegrationTests.java
@@ -62,7 +62,7 @@ public class EmailSecretsIntegrationTests extends AbstractWatcherIntegrationTest
             server = EmailServer.localhost("2500-2600", USERNAME, PASSWORD, logger);
         }
         if (encryptSensitiveData == null) {
-            encryptSensitiveData = shieldEnabled() && randomBoolean();
+            encryptSensitiveData = securityEnabled() && randomBoolean();
         }
         return Settings.builder()
                 .put(super.nodeSettings(nodeOrdinal))
@@ -95,7 +95,7 @@ public class EmailSecretsIntegrationTests extends AbstractWatcherIntegrationTest
         Map<String, Object> source = response.getSource();
         Object value = XContentMapValues.extractValue("actions._email.email.password", source);
         assertThat(value, notNullValue());
-        if (shieldEnabled() && encryptSensitiveData) {
+        if (securityEnabled() && encryptSensitiveData) {
             assertThat(value, not(is((Object) PASSWORD)));
             SecretService secretService = getInstanceFromMaster(SecretService.class);
             assertThat(secretService, instanceOf(SecretService.Secure.class));
@@ -103,7 +103,7 @@ public class EmailSecretsIntegrationTests extends AbstractWatcherIntegrationTest
         } else {
             assertThat(value, is((Object) PASSWORD));
             SecretService secretService = getInstanceFromMaster(SecretService.class);
-            if (shieldEnabled()) {
+            if (securityEnabled()) {
                 assertThat(secretService, instanceOf(SecretService.Secure.class));
             } else {
                 assertThat(secretService, instanceOf(SecretService.Insecure.class));
diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/test/rest/XPackRestTestCase.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/test/rest/XPackRestTestCase.java
index 675834e9245..4e54f239126 100644
--- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/test/rest/XPackRestTestCase.java
+++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/test/rest/XPackRestTestCase.java
@@ -33,14 +33,14 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.common.xcontent.XContentFactory;
 import org.elasticsearch.common.xcontent.XContentParser;
 import org.elasticsearch.license.plugin.TestUtils;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 import org.junit.After;
 import org.junit.Before;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.is;
 
 public abstract class XPackRestTestCase extends ESRestTestCase {
@@ -100,7 +100,7 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
     }
 
     @After
-    public void clearShieldUsersAndRoles() throws Exception {
+    public void clearUsersAndRoles() throws Exception {
         // we cannot delete the .security index from a rest test since we aren't the internal user, lets wipe the data
         // TODO remove this once the built-in SUPERUSER role is added that can delete the index and we use the built in admin user here
         try (CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/init/proxy/WatcherClientProxy.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/init/proxy/WatcherClientProxy.java
index c772d66ab1d..19a067bdda3 100644
--- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/init/proxy/WatcherClientProxy.java
+++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/init/proxy/WatcherClientProxy.java
@@ -27,7 +27,7 @@ import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.xpack.common.init.proxy.ClientProxy;
 
 /**
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/Watch.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/Watch.java
index 9b77e34f4a8..c6a7073e34e 100644
--- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/Watch.java
+++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/Watch.java
@@ -250,9 +250,9 @@ public class Watch implements TriggerEngine.Job, ToXContent {
          * source might contain (e.g. passwords) will be converted to {@link Secret secrets}
          * Such that the returned watch will potentially hide this sensitive data behind a "secret". A secret
          * is an abstraction around sensitive data (text). There can be different implementations of how the
-         * secret holds the data, depending on the wired up {@link SecretService}. When shield is installed, a
+         * secret holds the data, depending on the wired up {@link SecretService}. When security is enabled, a
          * {@link SecretService.Secure} is used, that potentially encrypts the data
-         * using Shield's configured system key.
+         * using the configured system key.
          *
          * This method is only called once - when the user adds a new watch. From that moment on, all representations
          * of the watch in the system will be use secrets for sensitive data.
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherF.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherF.java
index f29f86fd9be..6c7c7fd23c1 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherF.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherF.java
@@ -19,7 +19,7 @@ import java.util.concurrent.CountDownLatch;
 
 /**
  * Main class to easily run Watcher from a IDE.
- * It sets all the options to run the Watcher plugin and access it from Sense, but doesn't run with Shield.
+ * It sets all the options to run the Watcher plugin and access it from Sense, but doesn't run with security.
  *
  * In order to run this class set configure the following:
  * 1) Set `-Des.path.home=` to a directory containing an ES config directory
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherPluginDisableTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherPluginDisableTests.java
index 54d266b47fa..03cf546e3cb 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherPluginDisableTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherPluginDisableTests.java
@@ -15,7 +15,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.http.HttpServerTransport;
 import org.elasticsearch.marvel.Monitoring;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
@@ -43,7 +43,7 @@ public class WatcherPluginDisableTests extends ESIntegTestCase {
                 .put(super.nodeSettings(nodeOrdinal))
                 .put(XPackPlugin.featureEnabledSetting(Watcher.NAME), false)
 
-                // disable shield because of query cache check and authentication/authorization
+                // disable security because of query cache check and authentication/authorization
                 .put(XPackPlugin.featureEnabledSetting(Security.NAME), false)
                 .put(XPackPlugin.featureEnabledSetting(Monitoring.NAME), false)
 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/TimeThrottleIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/TimeThrottleIntegrationTests.java
index 8bc312df0e9..bdff9a6f66a 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/TimeThrottleIntegrationTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/TimeThrottleIntegrationTests.java
@@ -49,7 +49,7 @@ public class TimeThrottleIntegrationTests extends AbstractWatcherIntegrationTest
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java
index 5aed1126be6..983e31f7bd2 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java
@@ -47,7 +47,7 @@ public class WebhookHttpsIntegrationTests extends AbstractWatcherIntegrationTest
 
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
-        Path resource = getDataPath("/org/elasticsearch/shield/keystore/testnode.jks");
+        Path resource = getDataPath("/org/elasticsearch/xpack/security/keystore/testnode.jks");
         return Settings.builder()
                 .put(super.nodeSettings(nodeOrdinal))
                 .put(HttpClient.SETTINGS_SSL_KEYSTORE, resource.toString())
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/compare/CompareConditionSearchTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/compare/CompareConditionSearchTests.java
index e7103ad2308..77b2b420625 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/compare/CompareConditionSearchTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/compare/CompareConditionSearchTests.java
@@ -34,7 +34,7 @@ import static org.mockito.Mockito.when;
 public class CompareConditionSearchTests extends AbstractWatcherIntegrationTestCase {
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return true;
     }
 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/execution/ManualExecutionTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/execution/ManualExecutionTests.java
index 0da9dff123c..30f2e8127df 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/execution/ManualExecutionTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/execution/ManualExecutionTests.java
@@ -61,7 +61,7 @@ import static org.hamcrest.Matchers.startsWith;
 
 public class ManualExecutionTests extends AbstractWatcherIntegrationTestCase {
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java
index fd358684e60..b39cdca5695 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java
@@ -57,8 +57,8 @@ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegratio
     }
 
     @Override
-    protected boolean enableShield() {
-        return false; // remove shield noise from this test
+    protected boolean enableSecurity() {
+        return false; // remove security noise from this test
     }
 
     @BeforeClass
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateHttpMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateHttpMappingsTests.java
index 7edbfeff8ea..82a6f14920b 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateHttpMappingsTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateHttpMappingsTests.java
@@ -68,8 +68,8 @@ public class HistoryTemplateHttpMappingsTests extends AbstractWatcherIntegration
     }
 
     @Override
-    protected boolean enableShield() {
-        return false; // remove shield noise from this test
+    protected boolean enableSecurity() {
+        return false; // remove security noise from this test
     }
 
     public void testHttpFields() throws Exception {
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateIndexActionMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateIndexActionMappingsTests.java
index 1bb90565419..b54257c759e 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateIndexActionMappingsTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateIndexActionMappingsTests.java
@@ -32,8 +32,8 @@ public class HistoryTemplateIndexActionMappingsTests extends AbstractWatcherInte
     }
 
     @Override
-    protected boolean enableShield() {
-        return false; // remove shield noise from this test
+    protected boolean enableSecurity() {
+        return false; // remove security noise from this test
     }
 
     public void testIndexActionFields() throws Exception {
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateSearchInputMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateSearchInputMappingsTests.java
index 066750967a3..6267319158f 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateSearchInputMappingsTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateSearchInputMappingsTests.java
@@ -38,8 +38,8 @@ public class HistoryTemplateSearchInputMappingsTests extends AbstractWatcherInte
     }
 
     @Override
-    protected boolean enableShield() {
-        return false; // remove shield noise from this test
+    protected boolean enableSecurity() {
+        return false; // remove security noise from this test
     }
 
     public void testHttpFields() throws Exception {
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateTimeMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateTimeMappingsTests.java
index f59478281ca..185cec03b8e 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateTimeMappingsTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateTimeMappingsTests.java
@@ -36,8 +36,8 @@ public class HistoryTemplateTimeMappingsTests extends AbstractWatcherIntegration
     }
 
     @Override
-    protected boolean enableShield() {
-        return false; // remove shield noise from this test
+    protected boolean enableSecurity() {
+        return false; // remove security noise from this test
     }
 
     public void testTimeFields() throws Exception {
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateTransformMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateTransformMappingsTests.java
index 3a2085c8aa4..7c7cab0160d 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateTransformMappingsTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateTransformMappingsTests.java
@@ -40,8 +40,8 @@ public class HistoryTemplateTransformMappingsTests extends AbstractWatcherIntegr
     }
 
     @Override
-    protected boolean enableShield() {
-        return false; // remove shield noise from this test
+    protected boolean enableSecurity() {
+        return false; // remove security noise from this test
     }
 
     public void testTransformFields() throws Exception {
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java
index a760116dd11..748dceb7297 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java
@@ -49,7 +49,7 @@ public class ChainIntegrationTests extends AbstractWatcherIntegrationTestCase {
         HttpInput.Builder httpInputBuilder = httpInput(HttpRequestTemplate.builder(address.getHostString(), address.getPort())
                 .path("/" + index  + "/_search")
                 .body(jsonBuilder().startObject().field("size", 1).endObject())
-                .auth(shieldEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null));
+                .auth(securityEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null));
 
         ChainInput.Builder chainedInputBuilder = chainInput()
                 .add("first", simpleInput("url", "/" + index  + "/_search"))
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java
index a22d6262be7..2df09208eb3 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java
@@ -59,7 +59,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTestCas
                         .input(httpInput(HttpRequestTemplate.builder(address.getHostString(), address.getPort())
                                 .path("/index/_search")
                                 .body(jsonBuilder().startObject().field("size", 1).endObject())
-                                .auth(shieldEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null)))
+                                .auth(securityEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null)))
                         .condition(compareCondition("ctx.payload.hits.total", CompareCondition.Op.EQ, 1L))
                         .addAction("_id", loggingAction("watch [{{ctx.watch_id}}] matched")))
                 .get();
@@ -78,7 +78,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTestCas
                         .trigger(schedule(interval("1s")))
                         .input(httpInput(HttpRequestTemplate.builder(address.getHostString(), address.getPort())
                                 .path("/_cluster/stats")
-                                .auth(shieldEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null)))
+                                .auth(securityEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null)))
                         .condition(compareCondition("ctx.payload.nodes.count.total", CompareCondition.Op.GTE, 1L))
                         .addAction("_id", loggingAction("watch [{{ctx.watch_id}}] matched")))
                 .get();
@@ -106,7 +106,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTestCas
         HttpRequestTemplate.Builder requestBuilder = HttpRequestTemplate.builder(address.getHostString(), address.getPort())
                 .path(TextTemplate.inline("/idx/_search"))
                 .body(body);
-        if (shieldEnabled()) {
+        if (securityEnabled()) {
             requestBuilder.auth(new BasicAuth("test", "changeme".toCharArray()));
         }
 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/shield/BasicShieldTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/security/BasicSecurityTests.java
similarity index 95%
rename from elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/shield/BasicShieldTests.java
rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/security/BasicSecurityTests.java
index e12c7565f2c..4976f31da9c 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/shield/BasicShieldTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/security/BasicSecurityTests.java
@@ -3,11 +3,11 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.xpack.watcher.shield;
+package org.elasticsearch.xpack.watcher.security;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.xpack.watcher.WatcherState;
 import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase;
 import org.elasticsearch.xpack.watcher.transport.actions.delete.DeleteWatchResponse;
@@ -22,7 +22,7 @@ import org.joda.time.DateTime;
 
 import java.util.Collections;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.xpack.watcher.client.WatchSourceBuilders.watchBuilder;
 import static org.elasticsearch.xpack.watcher.trigger.TriggerBuilders.schedule;
 import static org.elasticsearch.xpack.watcher.trigger.schedule.Schedules.interval;
@@ -30,9 +30,9 @@ import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.core.Is.is;
 import static org.joda.time.DateTimeZone.UTC;
 
-public class BasicShieldTests extends AbstractWatcherIntegrationTestCase {
+public class BasicSecurityTests extends AbstractWatcherIntegrationTestCase {
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return true;
     }
 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/support/DynamicIndexNameIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/support/DynamicIndexNameIntegrationTests.java
index abcd33831cc..04cf4b29ad8 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/support/DynamicIndexNameIntegrationTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/support/DynamicIndexNameIntegrationTests.java
@@ -38,7 +38,7 @@ public class DynamicIndexNameIntegrationTests extends AbstractWatcherIntegration
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false; // reduce noise
     }
 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/AbstractWatcherIntegrationTestCase.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/AbstractWatcherIntegrationTestCase.java
index ac9d9a2b749..a848fdd69d8 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/AbstractWatcherIntegrationTestCase.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/AbstractWatcherIntegrationTestCase.java
@@ -27,12 +27,12 @@ import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.script.MockMustacheScriptEngine;
 import org.elasticsearch.search.SearchHit;
 import org.elasticsearch.search.builder.SearchSourceBuilder;
-import org.elasticsearch.shield.Security;
-import org.elasticsearch.shield.authc.file.FileRealm;
-import org.elasticsearch.shield.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.TestCluster;
@@ -88,7 +88,7 @@ import java.util.function.Function;
 
 import static org.elasticsearch.index.query.QueryBuilders.boolQuery;
 import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
 import static org.elasticsearch.xpack.watcher.support.WatcherIndexTemplateRegistry.HISTORY_TEMPLATE_NAME;
 import static org.elasticsearch.xpack.watcher.support.WatcherIndexTemplateRegistry.TRIGGERED_TEMPLATE_NAME;
@@ -109,14 +109,14 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
 
     private TimeWarp timeWarp;
 
-    private static Boolean shieldEnabled;
+    private static Boolean securityEnabled;
 
     private static ScheduleModule.Engine scheduleEngine;
 
     @Override
     protected TestCluster buildTestCluster(Scope scope, long seed) throws IOException {
-        if (shieldEnabled == null) {
-            shieldEnabled = enableShield();
+        if (securityEnabled == null) {
+            securityEnabled = enableSecurity();
             scheduleEngine = randomFrom(ScheduleModule.Engine.values());
         }
         return super.buildTestCluster(scope, seed);
@@ -134,7 +134,7 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
                 .put("index.store.mock.check_index_on_close", false)
                 .put("xpack.watcher.execution.scroll.size", randomIntBetween(1, 100))
                 .put("xpack.watcher.watch.scroll.size", randomIntBetween(1, 100))
-                .put(ShieldSettings.settings(shieldEnabled))
+                .put(SecuritySettings.settings(securityEnabled))
                 .put("xpack.watcher.trigger.schedule.engine", scheduleImplName)
                 .put("script.inline", "true")
                 .build();
@@ -152,9 +152,9 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
     @Override
     protected Collection<Class<? extends Plugin>> getMockPlugins() {
         Set<Class<? extends Plugin>> plugins = new HashSet<>(super.getMockPlugins());
-        // shield has its own transport service
+        // security has its own transport service
         plugins.remove(MockTransportService.TestPlugin.class);
-        // shield has its own transport
+        // security has its own transport
         plugins.remove(AssertingLocalTransport.TestPlugin.class);
         // we have to explicitly add it otherwise we will fail to set the check_index_on_close setting
         plugins.add(MockFSIndexStore.TestPlugin.class);
@@ -174,16 +174,16 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
 
     @Override
     protected Function<Client,Client> getClientWrapper() {
-        if (shieldEnabled == false) {
+        if (securityEnabled == false) {
             return Function.identity();
         }
         Map<String, String> headers = Collections.singletonMap("Authorization",
-                basicAuthHeaderValue(ShieldSettings.TEST_USERNAME, new SecuredString(ShieldSettings.TEST_PASSWORD.toCharArray())));
-        // we need to wrap node clients because we do not specify a shield user for nodes and all requests will use the system
+                basicAuthHeaderValue(SecuritySettings.TEST_USERNAME, new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())));
+        // we need to wrap node clients because we do not specify a user for nodes and all requests will use the system
         // user. This is ok for internal n2n stuff but the test framework does other things like wiping indices, repositories, etc
         // that the system user cannot do. so we wrap the node client with a user that can do these things since the client() calls
         // are randomized to return both node clients and transport clients
-        // transport clients do not need to be wrapped since we specify the shield.user setting that sets the default user to be
+        // transport clients do not need to be wrapped since we specify the xpack.security.user setting that sets the default user to be
         // used for the transport client. If we did not set a default user then the transport client would not even be allowed
         // to connect
         return client -> (client instanceof NodeClient) ? client.filterWithHeader(headers) : client;
@@ -210,10 +210,10 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
     }
 
     /**
-     * @return whether shield has been enabled
+     * @return whether security has been enabled
      */
-    protected final boolean shieldEnabled() {
-        return shieldEnabled;
+    protected final boolean securityEnabled() {
+        return securityEnabled;
     }
 
     /**
@@ -224,9 +224,9 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
     }
 
     /**
-     * Override and returns {@code false} to force running without shield
+     * Override and returns {@code false} to force running without security
      */
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return randomBoolean();
     }
 
@@ -252,13 +252,13 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
 
     @AfterClass
     public static void _cleanupClass() {
-        shieldEnabled = null;
+        securityEnabled = null;
         scheduleEngine = null;
     }
 
     @Override
     protected Settings transportClientSettings() {
-        if (shieldEnabled == false) {
+        if (securityEnabled == false) {
             return super.transportClientSettings();
         }
 
@@ -351,7 +351,7 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
     }
 
     protected WatcherClient watcherClient() {
-        Client client = shieldEnabled ? internalCluster().transportClient() : client();
+        Client client = securityEnabled ? internalCluster().transportClient() : client();
         return randomBoolean() ? new XPackClient(client).watcher() : new WatcherClient(client);
     }
 
@@ -640,9 +640,9 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
     }
 
 
-    /** Shield related settings */
+    /** Security related settings */
 
-    public static class ShieldSettings {
+    public static class SecuritySettings {
 
         public static final String TEST_USERNAME = "test";
         public static final String TEST_PASSWORD = "changeme";
@@ -691,7 +691,7 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
                 return builder.put("xpack.security.enabled", false).build();
             }
             try {
-                Path folder = createTempDir().resolve("watcher_shield");
+                Path folder = createTempDir().resolve("watcher_security");
                 Files.createDirectories(folder);
                 return builder.put("xpack.security.enabled", true)
                         .put("xpack.security.authc.realms.esusers.type", FileRealm.TYPE)
@@ -704,7 +704,7 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
                         .put("xpack.security.audit.enabled", auditLogsEnabled)
                         .build();
             } catch (IOException ex) {
-                throw new RuntimeException("failed to build settings for shield", ex);
+                throw new RuntimeException("failed to build settings for security", ex);
             }
         }
 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HttpSecretsIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HttpSecretsIntegrationTests.java
index 948ee132b39..cd244e7a890 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HttpSecretsIntegrationTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HttpSecretsIntegrationTests.java
@@ -84,7 +84,7 @@ public class HttpSecretsIntegrationTests extends AbstractWatcherIntegrationTestC
     @Override
     protected Settings nodeSettings(int nodeOrdinal) {
         if (encryptSensitiveData == null) {
-            encryptSensitiveData = shieldEnabled() && randomBoolean();
+            encryptSensitiveData = securityEnabled() && randomBoolean();
         }
         if (encryptSensitiveData) {
             return Settings.builder()
@@ -107,7 +107,7 @@ public class HttpSecretsIntegrationTests extends AbstractWatcherIntegrationTestC
                         .addAction("_logging", loggingAction("executed")))
                         .get();
 
-        // verifying the basic auth password is stored encrypted in the index when shield
+        // verifying the basic auth password is stored encrypted in the index when security
         // is enabled, and when it's not enabled, it's stored in plain text
         GetResponse response = client().prepareGet(WatchStore.INDEX, WatchStore.DOC_TYPE, "_id").get();
         assertThat(response, notNullValue());
@@ -115,7 +115,7 @@ public class HttpSecretsIntegrationTests extends AbstractWatcherIntegrationTestC
         Map<String, Object> source = response.getSource();
         Object value = XContentMapValues.extractValue("input.http.request.auth.basic.password", source);
         assertThat(value, notNullValue());
-        if (shieldEnabled() && encryptSensitiveData) {
+        if (securityEnabled() && encryptSensitiveData) {
             assertThat(value, not(is((Object) PASSWORD)));
             SecretService secretService = getInstanceFromMaster(SecretService.class);
             assertThat(secretService, instanceOf(SecretService.Secure.class));
@@ -123,7 +123,7 @@ public class HttpSecretsIntegrationTests extends AbstractWatcherIntegrationTestC
         } else {
             assertThat(value, is((Object) PASSWORD));
             SecretService secretService = getInstanceFromMaster(SecretService.class);
-            if (shieldEnabled()) {
+            if (securityEnabled()) {
                 assertThat(secretService, instanceOf(SecretService.Secure.class));
             } else {
                 assertThat(secretService, instanceOf(SecretService.Insecure.class));
@@ -178,7 +178,7 @@ public class HttpSecretsIntegrationTests extends AbstractWatcherIntegrationTestC
                                 .auth(new BasicAuth(USERNAME, PASSWORD.toCharArray())))))
                         .get();
 
-        // verifying the basic auth password is stored encrypted in the index when shield
+        // verifying the basic auth password is stored encrypted in the index when security
         // is enabled, when it's not enabled, the the passowrd should be stored in plain text
         GetResponse response = client().prepareGet(WatchStore.INDEX, WatchStore.DOC_TYPE, "_id").get();
         assertThat(response, notNullValue());
@@ -187,7 +187,7 @@ public class HttpSecretsIntegrationTests extends AbstractWatcherIntegrationTestC
         Object value = XContentMapValues.extractValue("actions._webhook.webhook.auth.basic.password", source);
         assertThat(value, notNullValue());
 
-        if (shieldEnabled() && encryptSensitiveData) {
+        if (securityEnabled() && encryptSensitiveData) {
             assertThat(value, not(is((Object) PASSWORD)));
             SecretService secretService = getInstanceFromMaster(SecretService.class);
             assertThat(secretService, instanceOf(SecretService.Secure.class));
@@ -195,7 +195,7 @@ public class HttpSecretsIntegrationTests extends AbstractWatcherIntegrationTestC
         } else {
             assertThat(value, is((Object) PASSWORD));
             SecretService secretService = getInstanceFromMaster(SecretService.class);
-            if (shieldEnabled()) {
+            if (securityEnabled()) {
                 assertThat(secretService, instanceOf(SecretService.Secure.class));
             } else {
                 assertThat(secretService, instanceOf(SecretService.Insecure.class));
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java
index 12f2fb6b423..a9b913575ba 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java
@@ -12,7 +12,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.json.JsonXContent;
 import org.elasticsearch.common.xcontent.support.XContentMapValues;
 import org.elasticsearch.http.HttpServerTransport;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase;
@@ -21,10 +21,10 @@ import org.junit.After;
 import java.io.IOException;
 import java.util.Map;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-import static org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase.ShieldSettings.TEST_PASSWORD;
-import static org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase.ShieldSettings.TEST_USERNAME;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase.SecuritySettings.TEST_PASSWORD;
+import static org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase.SecuritySettings.TEST_USERNAME;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.Matchers.is;
 
@@ -79,7 +79,7 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
         if (body != null) {
             requestBuilder.body(body);
         }
-        if (shieldEnabled()) {
+        if (securityEnabled()) {
             requestBuilder.addHeader(BASIC_AUTH_HEADER,
                     basicAuthHeaderValue(TEST_USERNAME, new SecuredString(TEST_PASSWORD.toCharArray())));
         }
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transport/action/delete/ForceDeleteWatchTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transport/action/delete/ForceDeleteWatchTests.java
index 51c5883cc6b..4f235e15d71 100644
--- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transport/action/delete/ForceDeleteWatchTests.java
+++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transport/action/delete/ForceDeleteWatchTests.java
@@ -35,7 +35,7 @@ public class ForceDeleteWatchTests extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 
diff --git a/elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/shield/keystore/testnode-different-passwords.jks b/elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/xpack/security/keystore/testnode-different-passwords.jks
similarity index 100%
rename from elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/shield/keystore/testnode-different-passwords.jks
rename to elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/xpack/security/keystore/testnode-different-passwords.jks
diff --git a/elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/shield/keystore/testnode.cert b/elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/xpack/security/keystore/testnode.cert
similarity index 100%
rename from elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/shield/keystore/testnode.cert
rename to elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/xpack/security/keystore/testnode.cert
diff --git a/elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/shield/keystore/testnode.jks b/elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/xpack/security/keystore/testnode.jks
similarity index 100%
rename from elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/shield/keystore/testnode.jks
rename to elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/xpack/security/keystore/testnode.jks
diff --git a/elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/shield/keystore/truststore-testnode-only.jks b/elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/xpack/security/keystore/truststore-testnode-only.jks
similarity index 100%
rename from elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/shield/keystore/truststore-testnode-only.jks
rename to elasticsearch/x-pack/watcher/src/test/resources/org/elasticsearch/xpack/security/keystore/truststore-testnode-only.jks