Securing Elasticsearch cluster

I have a 3-node cluster in my local VMware Workstation. I followed the instructions below to make my Elasticsearch 7.10 secure:

configuring-security

getting-started-with-elasticsearch-security

I could complete the tutorials, but I want to know if I can secure the built-in users with a password but with no TLS configuration. I mean, is it possible to only add passwords to the Elasticsearch built-in users without configuring Transport Layer Security (TLS/SSL) for internode communication?

In a single-node cluster, I add xpack.security.enabled: true and then run elasticsearch-setup-passwords interactive, and that's it! Now I can add a user/password to my connection strings to connect to my database in Elasticsearch!

But in a multi-node cluster, I added xpack.security.enabled: true, and when I want to start my Elasticsearch, the error says:

[1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

and so I have to get into transport SSL security, while all my nodes/servers will be internal, not connected to the internet, and without SSH and other security points.

It is safe for me if I can have a secured cluster with just a password and with no SSL/TLS in node communications. I do not know whether it is possible or not.

Running multiple nodes means you are in production mode.
Elasticsearch will force bootstrap checks, hence if security is enabled then TLS is a must.

A password that is sent in plaintext is not secure.

There's no way to do what you want to do, sorry.

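For reference, the minimal transport TLS settings that satisfy the bootstrap check quoted in the question, as an added example that is not part of the original thread. It assumes a PKCS#12 file generated with elasticsearch-certutil under its default output name (elastic-certificates.p12) and copied into each node's config directory.

```yaml
# elasticsearch.yml, identical on every node of the multi-node cluster
# (Elasticsearch 7.x, basic license). Added example, not from the thread.
#
# Failing state described in the question: security on, transport TLS off.
#   xpack.security.enabled: true
#
# One-time certificate setup (run on one node, then copy the resulting
# elastic-certificates.p12 into the config directory of every node):
#   bin/elasticsearch-certutil ca
#   bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
#
# If the .p12 was given a password, store it in each node's keystore:
#   bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
#   bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

xpack.security.enabled: true

# Encrypt and mutually authenticate node-to-node (transport) traffic.
xpack.security.transport.ssl.enabled: true
# "certificate": the peer certificate must chain to the trusted CA,
# but the hostname in the certificate is not checked.
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
# Paths are relative to the node's config directory.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# After all nodes start with these settings, set the built-in user
# passwords once for the cluster:
#   bin/elasticsearch-setup-passwords interactive
```

These settings cover only the transport layer between nodes. Passwords sent by clients over HTTP are still in plaintext unless `xpack.security.http.ssl.enabled` is configured as well.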