Beta 2: API Auth Tokens for Search Guard

Right in time for the holidays, we have finished the second beta version of the Search Guard Auth Token Service.

This feature allows any user logged into Search Guard to create access tokens which can be used for external applications, scripts, etc. without having to use a password. Auth tokens can have a limited set of permissions, a limited lifetime and can be revoked by the user.

Beta 2 brings these updates:

  • In beta 1, all auth tokens needed to be kept in the heap memory on all nodes. Thus, the number of auth tokens was bound by the available heap memory. Beta 2 removes this restriction; it does no longer require all auth tokens to be kept in the heap.
  • Normally, Search Guard will always create a snapshot of the current role configuration when issuing an auth token. This ensures that an auth token will continue to work even if you redesign your role configuration. Beta 2 now introduces an option freeze_privileges which can be used in the body of create auth token requests. If you set this option to false, Search Guard won’t create a snapshot of the role configuration. Instead, it will always use the current role configuration for the created auth token. This option can be also controlled globally in sg_config.yml.
  • A number of smaller bugfixes made it into beta 2 as well.

You can download it here:

For details on how to use the feature, refer to the documentation:

We are looking forward to any feedback from you!

Have fun!

Many greetings from the Search Guard team

Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.

Coded with love in Berlin, Denmark, Sweden, Italy, Ukraine and the US.

Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.

Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.