How to secure the Elasticsearch API?

To provide the application team with access to Elasticsearch without sharing the username and password, you can use API keys. API keys are base64-encoded strings that are used for service-to-service interactions.

Here are the steps to create an API key:

  1. First, you need to create a role that has the necessary permissions. For example, if you want to allow only GET requests, you can create a role that has only 'read' permissions. You can do this in the Kibana Management UI or by using the Role Management API.

  2. Once the role is created, you can create a user and assign this role to the user. This can also be done in the Kibana Management UI or by using the User Management API.

  3. Now, you can create an API key for this user. You can do this by running the following command:

POST /_security/api_key
{
  "name": "my-api-key",
  "role_descriptors": {
    "role-name": {
      "cluster": [],
      "index": [
        {
          "names": ["index-name"],
          "privileges": ["read"]
        }
      ]
    }
  }
}

Replace 'role-name' with the name of the role you created and 'index-name' with the name of the index you want to give access to.

  4. The response will contain the API key and the ID of the key. You can share this API key with the application team. They can use it in the Authorization header of their requests like this: Authorization: ApiKey <base64_encoded_api_key>

Remember, the API key is not retrievable after it's created. If you lose it, you'll have to create a new one.

Disclaimer: OpsGPT assisted me with part of this answer.

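An added example, not part of the original answer and not Elasticsearch's own tooling: a small Python check that reviews a create-API-key request body for grants beyond read-only access, and shows how the Authorization value is formed from the `id` and `api_key` fields of the response. The function names, the read-only privilege set and the sample bodies are assumptions made for illustration.

```python
import base64

# Index privileges treated as read-only (an assumption of this example).
READ_ONLY = {"read", "view_index_metadata"}

def audit_api_key_request(body):
    """Return least-privilege findings for a POST /_security/api_key body."""
    findings = []
    if "expiration" not in body:
        findings.append("no 'expiration': key stays valid until invalidated")
    descriptors = body.get("role_descriptors") or {}
    if not descriptors:
        findings.append("no 'role_descriptors': key inherits the owner's privileges")
    for role, desc in descriptors.items():
        for priv in desc.get("cluster", []):
            findings.append(f"{role}: cluster privilege '{priv}' is not needed to read an index")
        for entry in desc.get("index", []):
            for name in entry.get("names", []):
                if name in ("*", "_all"):
                    findings.append(f"{role}: index pattern '{name}' matches every index")
            for priv in sorted(set(entry.get("privileges", [])) - READ_ONLY):
                findings.append(f"{role}: index privilege '{priv}' exceeds read-only")
    return findings

def authorization_header(key_id, api_key):
    """Header value is 'ApiKey ' + base64(id + ':' + api_key)."""
    raw = f"{key_id}:{api_key}".encode("utf-8")
    return "ApiKey " + base64.b64encode(raw).decode("ascii")

# Constructed sample bodies (not taken from a real cluster).
BROAD = {"name": "my-api-key", "role_descriptors": {"role-name": {
    "cluster": ["all"],
    "index": [{"names": ["index-name"], "privileges": ["read"]}]}}}
TIGHT = {"name": "my-api-key", "expiration": "30d", "role_descriptors": {"role-name": {
    "cluster": [],
    "index": [{"names": ["index-name"], "privileges": ["read"]}]}}}

if __name__ == "__main__":
    for label, body in (("BROAD", BROAD), ("TIGHT", TIGHT)):
        print(label, audit_api_key_request(body) or "no findings")
    # Constructed id and secret, standing in for the 'id' and 'api_key' response fields.
    print(authorization_header("abc", "xyz"))
```

Running the check before a key is issued catches grants that the application team does not need for GET-style reads.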