So is there no room for using the bcrypt library ourselves? If I get a salted and hashed password w/ bcrypt, can I just plug that value into the users section? Or does it have to be done with the elasticsearch-users helper tool (not sure if something proprietary is going on there)?
I guess I'm asking because I tried this, and it's not showing up in Kibana, or using the users API directly doesn't show my user, but also I don't see a particular complaint anywhere. So I'm not sure if it worked or not.
Thank you, I found a note in the docs that it indeed cannot be managed/seen in the regular API or Kibana UI, but can show up using the elasticsearch-users tool to list. My user did show up there with the mapping, but I get a 401 when that account is used to index... so this brings me back to whether or not one must use the elasticsearch-users tool to add/create the file for the secret (as per the example) or if we can use bcrypt to provide the password ourselves. I don't see that mentioned anywhere. It just assumes you will use the users helper tool. For all we know, it won't accept it unless it's done with the users command helper tool. @TimV
I couldn't get it to work plugging in user:<my bcrypt w/ salt generated output>
So in the end I did use the elasticsearch user helper tool, using the same password I provided to bcrypt.
So I don't know what the user tool is doing differently or if it assumes specific params like rounds or stuff surrounding the salt, but the only way I could get my user to work was with the elasticsearch-user tool.
Not sure if anyone wants to confirm what exact bcrypt params you'd need to match what it's doing, but it seems this is the only way it will accept it.
Technically, of course, Elasticsearch can't tell the difference between a file that was generated by the CLI tool & an identical file that was generated by some other means.
However, we do not make any guarantees about compatibility with files other than those generated by the CLI. The way that you get a file that is compatible with Elasticsearch's file realm is by generating that file using the provided tooling.
Understood, I was just trying to clarify that should was not must, and if you knew what exactly params it was using w/ bcrypt, follow the same footsteps. I think that's a fair thing to consider.
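One way to compare the bcrypt parameters of a `user:hash` line written by the elasticsearch-users tool with one generated separately, as an added example that is not part of the thread or of Elastic's tooling. It only parses the standard bcrypt string layout; the function names and sample lines are constructed, and it makes no claim about which parameters Elasticsearch accepts.

```python
import re

# Standard bcrypt string layout: $<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

def parse_users_line(line):
    """Split one 'username:hash' line and return its bcrypt parameters."""
    user, sep, hashed = line.rstrip("\r\n").partition(":")
    if not sep or not user:
        raise ValueError("expected 'username:hash'")
    m = BCRYPT_RE.fullmatch(hashed)
    if m is None:
        # Catches truncated values, stray whitespace and non-bcrypt strings.
        raise ValueError(f"{user}: not a well-formed 60-character bcrypt string")
    return {"user": user, "variant": m.group(1),
            "cost": int(m.group(2)), "salt": m.group(3)}

def param_diff(reference_line, candidate_line):
    """Return the parameters (variant, cost) that differ between two lines."""
    ref = parse_users_line(reference_line)
    cand = parse_users_line(candidate_line)
    return {k: (ref[k], cand[k]) for k in ("variant", "cost") if ref[k] != cand[k]}

# Constructed sample lines: placeholder salt/digest characters, arbitrary
# variant and cost values. These are not real hashes and not tool output.
TOOL_LINE = "alice:$2a$10$" + "A" * 22 + "B" * 31
OWN_LINE = "alice:$2b$12$" + "C" * 22 + "D" * 31
TRUNCATED_LINE = "alice:$2b$12$" + "C" * 22  # digest missing

if __name__ == "__main__":
    print(param_diff(TOOL_LINE, OWN_LINE))
    try:
        parse_users_line(TRUNCATED_LINE)
    except ValueError as err:
        print("rejected:", err)
```

Replace the constructed lines with the line the tool wrote and the line you generated yourself; an empty result means the variant and cost already match.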