mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-14 08:55:19 +00:00
8bb35cd6c3
This also change ES_HOME/config -> CONFIG_DIR in the documentation to more accurately reflect the location of configuration files as they are not always in ES_HOME/config. Closes elastic/elasticsearch#455 Closes elastic/elasticsearch#432 Original commit: elastic/x-pack-elasticsearch@63ce35450c
22 lines
784 B
Plaintext
22 lines
784 B
Plaintext
[[enable-message-authentication]]
|
|
=== Enable Message Authentication
|
|
|
|
Message authentication verifies that a message has not been tampered with or corrupted in transit.
|
|
|
|
To enable message authentication:
|
|
|
|
. Run the `syskeygen` tool from `ES_HOME` without any options:
|
|
+
|
|
[source, shell]
|
|
----------------
|
|
bin/shield/syskeygen
|
|
----------------
|
|
+
|
|
This creates a system key file in `CONFIG_DIR/shield/system_key`.
|
|
|
|
. Copy the genererated system key to the rest of the nodes in the cluster.
|
|
|
|
IMPORTANT: The system key is a symmetric key, so the same key must be on every node in the cluster.
|
|
|
|
Now that you've enabled message authentication, you might also want to <<enable-auditing, Enable Auditing>> to keep track of attempted and successful interactions with your Elasticsearch cluster.
|