Hi, first post and I'm not all that knowledgeable about this topic.
Can anyone tell me the best way to use my ElasticSearch Google Cloud instance in terms of security?
I have a mobile app that is being released as a PWA (mobile website). The mobile app didn't require the same level of security as the web. We could just put the credentials for the searches right into the code.
Now, the "code" shows up in the "view source" option in the browser, so our ElasticSearch password is clearly visible to anyone. This is obviously a disaster waiting to happen.
How do we set up a web site to make ElasticSearch queries using the credentials for our ElasticSearch instance, but NOT have it show up in the website code?
What are current best practices for this?