Search-ui - can we use signed keys without building a custom connector?

Adonis_Panagidis · January 30, 2022, 10:16am

What's the recommended way of avoiding to expose the searchKey in the front-end react code?

I was thinking to build a service to return the searchKey but I think using the same searchKey for all end users is not ideal. I came across the signed keys but they don't seem to be natively supported by the native connector in GitHub - elastic/search-ui: Search UI. Libraries for the fast development of modern, engaging search experiences.

Is it possible to use signed keys without building a custom connector?

joemcelroy · January 31, 2022, 8:35am

Hey @Adonis_Panagidis

You should be fine exposing the public search key within the frontend. Its only the private API key which should not be exposed publicly. See here for more information on the topic Search guide | Elastic App Search Documentation [7.16] | Elastic

If its still important for you to hide the searchkey, you could proxy the search API call through your server, forwarding on the call to app search with the public key included.

Joe

Topic		Replies	Views
Security - how to avoid exposing app search keys (searchKey,host identifier,engineName) in search ui Elastic Search elastic-app-search	9	1346	December 17, 2019
Signed API keys Elastic Search elastic-app-search	1	252	November 21, 2022
Securing search-ui and embedding in larger a larger non-React app Elastic Search elastic-app-search	8	1006	August 29, 2021
Dec 13th, 2020: [EN] Making it personal: Tailoring content with signed search keys in App Search Advent Calendar	1	1224	January 10, 2021
Signed Search Key via API Elastic Search elastic-app-search	5	742	February 20, 2020

Search-ui - can we use signed keys without building a custom connector?

Related topics