Hi,
I am trying to put together a script to automatically snapshot indexes but I am running into a problem, when I run the CRUL request it requires authentication (normally done with a --user $username:$password) but I do not want to leave the login hard coded since that is a security risk. Is there another way to handle the authentication maybe using a key in addition to a password just to provide a extra layer of protection (similar to sgadmin)?
Thank You!
Elasticsearch version: 6.4.1 (basic license)
Search Guard version: 23.1 (community version)
When asking questions, please provide the following information:
-
Search Guard and Elasticsearch version
-
Installed and used enterprise modules, if any
-
JVM version and operating system version
-
Search Guard configuration files
-
Elasticsearch log messages on debug level
-
Other installed Elasticsearch or Kibana plugins, if any
Well, the HTTP Basic authentication spec does not provide you with any extra layer of security. It’s just a base64 encoded username:password combination in the HTTP header.
What people usually do is to remove any hardcoded passwords in their scripts and use environment variables instead.
sgadmin works with a TLS client certificate, this is totally different from Basic Authentication.
However, you can also use TLS client cert authentication in combination with curl.
A typical call could then look something like:
curl ‘https://sgssl-0.example.com:9200/…’
–cert “/path/to/certificate.pem”
–cacert “/path/to/root-ca.pem”
``
···
On Thursday, March 7, 2019 at 6:50:55 PM UTC+1, william.s@orangelogic.com wrote:
Hi,
I am trying to put together a script to automatically snapshot indexes but I am running into a problem, when I run the CRUL request it requires authentication (normally done with a --user $username:$password) but I do not want to leave the login hard coded since that is a security risk. Is there another way to handle the authentication maybe using a key in addition to a password just to provide a extra layer of protection (similar to sgadmin)?
Thank You!
Elasticsearch version: 6.4.1 (basic license)
Search Guard version: 23.1 (community version)
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
- Installed and used enterprise modules, if any
- JVM version and operating system version
- Search Guard configuration files
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any