How to secure the Elasticsearch API?

Hello,
I want to share the Elastic curl API with the application team so that they can consume the API to get data from Elasticsearch.

How do I provide the authorization to the application team to consume that API?
I don't want to share the Elasticsearch username and password with them to hit the API.

Also, I want to restrict them to consuming only the GET method.

Kindly let me know your suggestions.

To provide the application team with access to Elasticsearch without sharing the username and password, you can use API keys. API keys are base64-encoded strings that are used for service-to-service interactions.

Here are the steps to create an API key:

  1. First, you need to create a role that has the necessary permissions. For example, if you want to allow only GET requests, you can create a role that has only 'read' permissions. You can do this in the Kibana Management UI or by using the Role Management API.

  2. Once the role is created, you can create a user and assign this role to the user. This can also be done in the Kibana Management UI or by using the User Management API.

  3. Now, you can create an API key for this user. You can do this by running the following command:

POST /_security/api_key
{
  "name": "my-api-key",
  "role_descriptors": {
    "role-name": {
      "cluster": [],
      "index": [
        {
          "names": ["index-name"],
          "privileges": ["read"]
        }
      ]
    }
  }
}

Replace 'role-name' with the name of the role you created and 'index-name' with the name of the index you want to give access to.

  4. The response will contain the API key and the ID of the key. You can share this API key with the application team. They can use it in the Authorization header of their requests like this: Authorization: ApiKey <base64_encoded_api_key>

Remember, the API key is not retrievable after it's created. If you lose it, you'll have to create a new one.

Disclaimer: OpsGPT assisted me with part of this answer.
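A pre-flight check for the request in step 3, added here as an example and not part of the original answer or of Elastic's own code: it flags role descriptors that grant more than read-only index access, builds a minimal request body, and derives the Authorization header value from the create response. The function names, the `read-only` role name, the `30d` expiration and the sample values are assumptions made for illustration.

```python
import base64

# Index privileges that only read data (Elasticsearch privilege names).
READ_ONLY_INDEX_PRIVS = {"read", "view_index_metadata"}


def audit_role_descriptors(role_descriptors):
    """Return findings for anything broader than read-only index access."""
    findings = []
    for role, desc in role_descriptors.items():
        for priv in desc.get("cluster", []):
            findings.append(f"{role}: cluster privilege '{priv}' is not needed to read an index")
        for entry in desc.get("index", []):
            names = entry.get("names", [])
            for priv in entry.get("privileges", []):
                if priv not in READ_ONLY_INDEX_PRIVS:
                    findings.append(f"{role}: index privilege '{priv}' on {names} allows more than reads")
            if any(n in ("*", "_all") for n in names):
                findings.append(f"{role}: index pattern {names} matches every index")
    return findings


def build_key_request(name, index_names, expiration="30d"):
    """Body for POST /_security/api_key limited to reading the given indices."""
    return {
        "name": name,
        "expiration": expiration,  # assumed lifetime; the key stops working afterwards
        "role_descriptors": {
            "read-only": {"index": [{"names": list(index_names), "privileges": ["read"]}]}
        },
    }


def authorization_header(create_response):
    """Header value: 'ApiKey ' + base64(id:api_key) from the create response."""
    raw = f"{create_response['id']}:{create_response['api_key']}".encode()
    return "ApiKey " + base64.b64encode(raw).decode()


# Constructed descriptor that pairs index read with a broad cluster privilege.
BROAD = {"role-name": {"cluster": ["all"], "index": [{"names": ["index-name"], "privileges": ["read"]}]}}
# Constructed sample response; the id and api_key values are made up.
SAMPLE_RESPONSE = {"id": "abc", "name": "my-api-key", "api_key": "xyz"}

if __name__ == "__main__":
    print(audit_role_descriptors(BROAD))
    body = build_key_request("my-api-key", ["index-name"])
    print(body, audit_role_descriptors(body["role_descriptors"]))
    print("Authorization:", authorization_header(SAMPLE_RESPONSE))
```

The `read` privilege authorizes read actions, not an HTTP verb: a search sent as a POST to `_search` is still permitted, so restricting by method has to be done in a proxy in front of the cluster.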
