In this tutorial series we will be implementing examples for elasticsearch security. In this article, we will explore the importance of securing Elasticsearch 8, a highly scalable search and analysis engine. We will dive into the steps required to set up password authentication and protect your Elasticsearch cluster from unauthorized access. With the increasing risk of data breaches, implementing strong security measures is crucial, and by following this guide, you can ensure your Elasticsearch deployment remains safe and secure.
Video
This tutorial is explained in the below Youtube Video.
Implementation
Go to the elasticsearch downloads page. Click on the Windows button to download the latest elasticsearch installable. In our case it is 8.8.2.
This will be a zip folder. Unzip it as follows.
Open the command prompt as an admin. Go to the elasticsearch bin folder and type the following command
elasticsearch.batThis will start elasticsearch.
With elasticsearch 8 security is enabled by default. Using a browser if we now go to localhost:9200 we get the following prompt asking for a username and password.
Next we will be setting the elasticsearch password. For this do not close the previous command prompt window which is running elasticsearch. Open another command prompt as as admin and go to the bin folder. Previously we would have used the following command.
elasticsearch-setup-passwords interactiveAccording to the elasticsearch documentation the above command is depricated.
Instead we will be using the following command for setting the elasticsearch password.
elasticsearch-reset-password -u elastic --interactive
I have set the elastic password as password. So if i now go to the elasticsearch url - localhost:9200 I can enter the username as elastic and password as password. elasticsearch.
We are able to access the portal as follows -
