Hope someone can help here
i'm attempting to create api keys for a user and utilize them as documented here:
https://www.elastic.co/guide/en/elasticsearch/reference/7.5/security-api-create-api-key.html
i have successfully created the api key however when i attempt to curl anything as documented in the elastic search docs i.e.:
curl -k https://<censored>:9200/_cluster/health -H 'Authorization: ApiKey <censored>='
i am greeted with the following response:
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/_cluster/health]","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\" charset=\"UTF-8\""]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/_cluster/health]","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\" charset=\"UTF-8\""]}},"status":401}
I'm not sure why it would complain here given that i have apparently valid api token.
After doing some more digging i've noticed that i'm getting an invalid credentials error logged from elastic-search - the credentials are in fact correct and were pulled from the response using the following:
echo $(cat response | jq -r .id):$(cat response | jq -r .api_key) | base64
Incidentally if i intentionally use the wrong key id (in this case by including quotes) the following is logged
Authentication using apikey failed - unable to find apikey with id "fufe928Bnl45U--l7GCn"
so seemingly elasticsearch is finding the key but failing to grant access for other reasons