Search-ui - can we use signed keys without building a custom connector?

Adonis_Panagidis · January 30, 2022, 10:16am

What's the recommended way of avoiding to expose the searchKey in the front-end react code?

I was thinking to build a service to return the searchKey but I think using the same searchKey for all end users is not ideal. I came across the signed keys but they don't seem to be natively supported by the native connector in GitHub - elastic/search-ui: Search UI. Libraries for the fast development of modern, engaging search experiences.

Is it possible to use signed keys without building a custom connector?

joemcelroy · January 31, 2022, 8:35am

Hey @Adonis_Panagidis

You should be fine exposing the public search key within the frontend. Its only the private API key which should not be exposed publicly. See here for more information on the topic Search guide | Elastic App Search Documentation [7.16] | Elastic

If its still important for you to hide the searchkey, you could proxy the search API call through your server, forwarding on the call to app search with the public key included.

Joe

system · February 28, 2022, 8:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Security - how to avoid exposing app search keys (searchKey,host identifier,engineName) in search ui Elastic Search elastic-app-search	9	1273	December 17, 2019
Signed Search Key via API Elastic Search elastic-app-search	5	704	February 20, 2020
Signed API keys Elastic Search elastic-app-search	1	232	November 21, 2022
Dec 13th, 2020: [EN] Making it personal: Tailoring content with signed search keys in App Search Advent Calendar	1	1199	January 10, 2021
Securing search endpoint Elastic Search elastic-app-search	5	427	December 8, 2021

Search-ui - can we use signed keys without building a custom connector?

Related Topics