Protect Elasticsearch using Oauth


(Jørgen) #1

I, nor my users, can afford X-pack og similar commercial alternatives to protect Elasticsearch. I have several use cases that require me to put Elasticsearch on the Internet and as such I have started a little project that will allow you to protect individual Elasticsearch indices using a combination of Oath 2.0 Personal Access Tokens and JSON Web Tokens.

In a nutshell:

  • Provide the use of Personal Access Tokens to protect Elasticsearch. Frees you from having to manage Basic Auth at the server level.
  • JSON Api for managing indices and tokens.
  • Also, a self service frontend GUI allowing users to set create their own indices and attach tokens to these.

For more information please see https://github.com/jorgenb/elasticshield. I realise that it does not solve anything new but I hope that with time and feedback I will be able to grow it to solution that can benefit many.


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.