Can I set built-in users passwords in elasticsearch-keystore?

JanKowalik · August 30, 2019, 2:53pm

Hi,

Is it possible to set built-in user passwords in elasticsearch-keystore before ES starts up?
I know one can set the bootstrap.password in the keystore but what about passwords for elastic, kibana and other built-ins?

The Elastic Kubernetes Helm Chart seems to be doing the above here:

Creates a secret with elastic user credentials
https://github.com/elastic/helm-charts/blob/master/elasticsearch/examples/config/Makefile
Adds it to the keystore
https://github.com/elastic/helm-charts/blob/1ad3826f26b4375b8935956d462f8777bd3c78a4/elasticsearch/templates/statefulset.yaml#L155

I am not sure what keys and values are added there exactly, though.

My ElasticSearch version is 6.8.1

--
Thanks in advance

ikakavas · September 6, 2019, 2:28pm

Hi,

As you have read in our docs you can only set bootstrap.password in the elasticsearch keystore and this password only applies to the elastic user. Now that you can authenticate as elastic with the value of bootstrap.password as the password, you can use the change passwords API to set the password for the rest of the built-in users.

Hope this helps!

JanKowalik · September 6, 2019, 2:54pm

Thank you for your response.
Yeah, I looked through the docs, but I just thought I might have missed something obvious. I have used the approach you described now.

Kind regards.

Topic		Replies	Views
Xpack setting password for build-in user Elasticsearch	3	421	August 9, 2018
ERROR: Failed to verify bootstrap password when setting built in user's password Elasticsearch	1	2409	August 12, 2020
Setting up User Authentication Elasticsearch elastic-stack-security	6	4687	March 27, 2019
How to create build in user without interactive mode or auto Elasticsearch	5	6326	June 27, 2019
Can I change the elastic built-in user password? Elasticsearch	2	405	August 10, 2021

Can I set built-in users passwords in elasticsearch-keystore?

Related topics