Security in 8.x upgraded from 7.x

We are running 7.11 of Elastic and we will be moving to 8.x (by first upgrading to 7.17).
It would have been good to have security already, but we do not.
We want to add it now, but I'm looking at the documentation and I'm not clear about the following:
a) Is it true that I need three different restarts to implement good security? One for adding users, another for adding certificates and another for adding encryption.
b) Should we add security now, or when we get to 8.x (in terms of simplicity only, what would be simpler to do, not what would be more secure to do) ?

a) No, you only need to restart to add certificates. Because once that is done encryption is enabled. You can add users before that if you want.
b) Security in 8.X is more automatic, it'll create certificates for you for eg.

The documentation clearly states that I must stop Elastic to add users. The first step is literally to stop everything.

"1. On every node in your cluster, stop both Kibana and Elasticsearch if they are running."

Please explain how this doesn't mean I need to restart to add users.

If you read down a little - Set up minimal security for Elasticsearch | Elasticsearch Guide [7.17] | Elastic;

On every node in your cluster, start Elasticsearch

So yes, it does say to stop Elasticsearch, but that is purely to enable the setting in the configuration file.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.