22 lines
784 B
Plaintext
22 lines
784 B
Plaintext
[[enable-message-authentication]]
|
|
=== Enable Message Authentication
|
|
|
|
Message authentication verifies that a message has not been tampered with or corrupted in transit.
|
|
|
|
To enable message authentication:
|
|
|
|
. Run the `syskeygen` tool from `ES_HOME` without any options:
|
|
+
|
|
[source, shell]
|
|
----------------
|
|
bin/shield/syskeygen
|
|
----------------
|
|
+
|
|
This creates a system key file in `CONFIG_DIR/shield/system_key`.
|
|
|
|
. Copy the genererated system key to the rest of the nodes in the cluster.
|
|
|
|
IMPORTANT: The system key is a symmetric key, so the same key must be on every node in the cluster.
|
|
|
|
Now that you've enabled message authentication, you might also want to <<enable-auditing, Enable Auditing>> to keep track of attempted and successful interactions with your Elasticsearch cluster.
|