How to Authenticate Scripted CURL Requests

Hi,

I am trying to put together a script to automatically snapshot indexes but I am running into a problem, when I run the CRUL request it requires authentication (normally done with a --user $username:$password) but I do not want to leave the login hard coded since that is a security risk. Is there another way to handle the authentication maybe using a key in addition to a password just to provide a extra layer of protection (similar to sgadmin)?

Thank You!

Elasticsearch version: 6.4.1 (basic license)

Search Guard version: 23.1 (community version)

When asking questions, please provide the following information:

• Search Guard and Elasticsearch version

• Installed and used enterprise modules, if any

• JVM version and operating system version

• Search Guard configuration files

• Elasticsearch log messages on debug level

• Other installed Elasticsearch or Kibana plugins, if any

Well, the HTTP Basic authentication spec does not provide you with any extra layer of security. It’s just a base64 encoded username:password combination in the HTTP header.

What people usually do is to remove any hardcoded passwords in their scripts and use environment variables instead.

sgadmin works with a TLS client certificate, this is totally different from Basic Authentication.

However, you can also use TLS client cert authentication in combination with curl.

A typical call could then look something like:

curl ‘https://sgssl-0.example.com:9200/…’
–cert “/path/to/certificate.pem”
–cacert “/path/to/root-ca.pem”

``