It is time to say goodbye: This version of Elastic Cloud Enterprise has reached end-of-life (EOL) and is no longer supported.
The documentation for this version is no longer being maintained. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Secure your settings
editSecure your settings
editSome of the settings that you configure in Elastic Cloud Enterprise are sensitive, and relying on file system permissions to protect these settings is insufficient. To protect your sensitive settings, such as passwords, you can use the Elasticsearch keystore.
Before you begin
editTo configure the keystore, you must meet the minimum criteria:
- To access the RESTful API for Elastic Cloud Enterprise, you must use your Elastic Cloud Enterprise credentials.
- The Elasticsearch cluster that you plan to configure must be version 6.0 or later.
To learn more about the Elasticsearch keystore, refer to the Elasticsearch documentation.
Steps
editCreate the keystore:
curl -k -X PATCH -u USER:PASSWORD https://COORDINATOR_HOST:12443/api/v1/clusters/elasticsearch/ELASTICSEARCH_CLUSTER_ID/keystore \ { "secrets": { "s3.client.CLIENT_NAME.access_key": { "as_file": false "value": "ACCESS_KEY_VALUE" } "s3.client.CLIENT_NAME.secret_key": { "value": "SECRET_KEY_VALUE" } } }
-
ELASTICSEARCH_CLUSTER_ID
- The Elasticsearch cluster ID as shown in the Cloud UI or obtained via the API
List the keys defined in the keystore:
{ "secrets": { "s3.client.CLIENT_NAME.access_key": { "as_file": false }, "s3.client.CLIENT_NAME.secret_key": { "as_file": false } } }
Create the credentials for an S3 or Minio repository:
curl -k -X PUT -u $USER:$PASSWORD https://$COODINATOR_HOST:12443/api/v1/clusters/elasticsearch/$ELASTICSEARCH_CLUSTER_ID/_snapshot/s3-repo { "type": "s3", "settings": { "bucket": "s3_REPOSITORY_NAME", "client": "CLIENT_NAME", "base_path": "PATH_NAME" } }
Create the credentials for a GCS repository:
curl -k -X PUT -u USER:PASSWORD https://COORDINATOR_HOST:12443/api/v1/clusters/elasticsearch/$ELASTICSEARCH_CLUSTER_ID/_snapshot/s3-repo { "type": "gcs", "settings": { "bucket": "BUCKET_NAME", "base_path": "BASE_PATH_NAME", "client": "CLIENT_NAME" } }
To use GCS snapshots, the cluster must have the repository-gcs
plugin enabled.
Remove keys that are defined in the keystore:
curl -k -X PATCH -u USER:PASSWORD https://COORDINATOR_HOST:12443/api/v1/clusters/elasticsearch/$ELASTICSEARCH_CLUSTER_ID/keystore \ { "secrets": { "KEY_TO_REMOVE": {} } }