Right in time for the holidays, we have finished the second beta version of the Search Guard Auth Token Service.
This feature allows any user logged into Search Guard to create access tokens which can be used for external applications, scripts, etc. without having to use a password. Auth tokens can have a limited set of permissions, a limited lifetime and can be revoked by the user.
Beta 2 brings these updates:
- In beta 1, all auth tokens needed to be kept in the heap memory on all nodes. Thus, the number of auth tokens was bound by the available heap memory. Beta 2 removes this restriction; it does no longer require all auth tokens to be kept in the heap.
- Normally, Search Guard will always create a snapshot of the current role configuration when issuing an auth token. This ensures that an auth token will continue to work even if you redesign your role configuration. Beta 2 now introduces an option
freeze_privilegeswhich can be used in the body of create auth token requests. If you set this option to false, Search Guard won’t create a snapshot of the role configuration. Instead, it will always use the current role configuration for the created auth token. This option can be also controlled globally in
- A number of smaller bugfixes made it into beta 2 as well.
For details on how to use the feature, refer to the documentation: https://docs.search-guard.com/latest/search-guard-auth-tokens
We are looking forward to any feedback from you!
Many greetings from the Search Guard team
Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.
Coded with love in Berlin, Denmark, Sweden, Italy, Ukraine and the US.
Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.
Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.