24 lines
916 B
Plaintext
24 lines
916 B
Plaintext
[[enable-message-authentication]]
|
|
=== Enable Message Authentication
|
|
|
|
Message authentication verifies that a message has not been tampered with or corrupted in transit.
|
|
|
|
To enable message authentication:
|
|
|
|
. Run the `syskeygen` tool from `ES_HOME` without any options:
|
|
+
|
|
[source, shell]
|
|
----------------
|
|
bin/shield/syskeygen
|
|
----------------
|
|
+
|
|
This creates a system key file in `ES_HOME/config/shield/system_key`. You
|
|
can customize this file's location by changing the value of the `shield.system_key.file` setting in
|
|
`elasticsearch.yml`.
|
|
|
|
. Copy the genererated system key to the rest of the nodes in the cluster.
|
|
|
|
IMPORTANT: The system key is a symmetric key, so the same key must be on every node in the cluster.
|
|
|
|
Now that you've enabled message authentication, you might also want to <<enable-auditing, Enable Auditing>> to keep track of attempted and successful interactions with your Elasticsearch cluster.
|