Is there any authentication plugin for elasticsearch which allows me to offload all read queries from my app server?

Hi Guys,

I have separate elasticsearch cluster and since Elasticsearch offers API call on http(s): So i want my client to directly interface elasticsearch API using javascript.

we can not allow one customer to see the data of other customer. So is there any plugin available which can allow me to generate authentication key when client get logged in.

  1. that key should be valid during the session only.
  2. that key will be unique for every customer and authenticated by elasticsearch before serving content

Otherwise, i have to write some authentication logics before serving any content.

Thank you.

Did you look at xpack (commercial) which brings security to elasticsearch?

Not sure, but as far as i know about x-pack. It can allow me as an admin to create define set of users who can access all data from database. If it is so, then this would not work. because i need authenticated user should be able to access only his data. Just like we authenticate users from mysql and give them some api token to execute rest of the API calls.

Xpack platinum allows document level security and field level security.

Which means that user X will only see its documents.

But may be you are looking for something else.

1 Like

XPack can be helpful in this case. Thank you for your reply. BTW do you know XPack pricing if i want to install it on my own server instead of hosted solution.


No I don't. Better to use the contact form on this page:

Make sense. Thanks.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.