Token vs Clear text user/password


#1

Is it possible to send User creds using a token instead of sending clear text? I know that we can use the statement below and that it is sent encrypted:
curl --user user1:password2 -XGET 'https://elasticserver:9200/.....'

But, in the case of using elasticsearch.pm, that means that the username and password are stored in clear text on the server running the connection to Elasticsaerch. Not something we want to do, especially given that the documentation says that Elasticsearch running X-Pack processes the creds as a Base64 token.

Ideally we want to be able to tokenize the creds, then save that token in our scripts. That way not only is the data encrypted in transmission, but it is also not stored in clear text on the server.

Thanks.
Laura


(Alexander Reelsen) #2

Hey,

right now you cannot use tokens. However as a workaround, you could use the PKI realm and use certificates to authenticate users, requiring you not to store passwords locally.

--Alex


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.