Can I set built-in users passwords in elasticsearch-keystore?

JanKowalik · August 30, 2019, 2:53pm

Hi,

Is it possible to set built-in user passwords in elasticsearch-keystore before ES starts up?
I know one can set the bootstrap.password in the keystore but what about passwords for elastic, kibana and other built-ins?

The Elastic Kubernetes Helm Chart seems to be doing the above here:

Creates a secret with elastic user credentials
https://github.com/elastic/helm-charts/blob/master/elasticsearch/examples/config/Makefile
Adds it to the keystore
https://github.com/elastic/helm-charts/blob/1ad3826f26b4375b8935956d462f8777bd3c78a4/elasticsearch/templates/statefulset.yaml#L155

I am not sure what keys and values are added there exactly, though.

My ElasticSearch version is 6.8.1

--
Thanks in advance

ikakavas · September 6, 2019, 2:28pm

Hi,

As you have read in our docs you can only set bootstrap.password in the elasticsearch keystore and this password only applies to the elastic user. Now that you can authenticate as elastic with the value of bootstrap.password as the password, you can use the change passwords API to set the password for the rest of the built-in users.

Hope this helps!

JanKowalik · September 6, 2019, 2:54pm

Thank you for your response.
Yeah, I looked through the docs, but I just thought I might have missed something obvious. I have used the approach you described now.

Kind regards.

system · October 4, 2019, 2:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.