How to pass pass username and password as env variable when search-gaurd is securing the ES cluster that is running as docker image

I am not adding configuration files, because this is just an implementation question and I am not getting any error because of the configuration.
So, I secured official docker image of elastic search by installing the plugin and other required things in the Dockerfile itself.
If I build the Dockerfile and run the image everything works as expected with the default password admin/admin. Now, what I am trying to do is to get the password as env variable while running the image so that we can decide the password while running the image.
What I am doing right now is accepting the password while we run docker build and changed the sg_internal_users.yml with the given password then copy this updated sg_internal_users.yml config file to the correct location in search-guard.
My question is how can achieve this is I want to give the password while running the image using docker run.

If you are running SG version 25.0 or above, you can use environment variables in the Search Guard configuration files.

For example, if the password hash for your admin user is stored in an environment variable called ADMIN_PWD_HASH you can use it like:

admin:
  hash: ${env.ADMIN_PWD_HASH}

If your cleartext password is stored in an environment variable called ADMIN_PWD, SG can automatically convert it to a hash when replacing the variables, like:

admin:
  hash: ${envbc.ADMIN_PWD}
1 Like

Thanks for response and I will have to pass these variables while running the image using docker run using the flag -e "ADMIN_PWD=adminpassw0rd", is that correct.
If you want to see the Dockerfile I can share the link with you.
com.floragunn:search-guard-7:7.0.1-35.0.0 is the artifact of the search-guard project that we are using.

Yes, that would be correct. Use the -e flag to pass env variables to Docker, and when applying the configuration files Search Guard will use them.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.