Search Guard v12 with multi-tenancy support officially released!

Hi everyone,

we are very proud to announce that we have released Search Guard v12 including Kibana multi-tenancy support officially today!

The release is accompanied by a revised and better-structured version of the documentation as well. We gave up on the confusing separation between the SSL/TLS part and the Search Guard part, and have merged both docs into one. All new features and changes released with v12, like support for PEM certificates, are already covered:

We will continue to improve on the docs, if you find that some parts are not clear enough or have other suggestions for improvement, please let us know!

The release also includes a new demo installation script which will install and configure demo certificates on a vanilla ES installation automatically. We will extend this feature in the next couple of releases, our goal is to have a completely guided and automated installation process of Search Guard and probably also the enterprise modules. No more searching for the correct versions of the individual components!

There’s also a new version of the Kibana plugin with a couple of new features and of course multi-tenancy support.


Search Guard:

  • First version which supports multi-tenancy for Kibana (ES 5.x only) (needs the Search Guard Kibana multi-tenancy module and Search Guard Kibana Plugin installed)
  • Revised default configuration, added multitenancy config (5.x only)
  • SSL X509/PEM certificate support for transport and rest layer SSL (2.x/5.x) (Not yet available for LDAPS and Auditlog HTTPS connections)
  • Snapshot restore now usable for regular users PR 257 (5.x only) by Lucas Bremgartner @breml
  • Add Kibana Info REST endpoint (ES 5.x only)
  • Add Demo installer (ES 5.x only)
  • Thread context handling fixed (5.x only)
  • Honor JAVA_HOME in and (2.x/5.x)
  • Revise security policy to include additional netty permissions (5.x only)
  • Do not load DLS/FLS wrapper for clients (5.x only)

Kibana Plugin:

  • Customizable login page: Use your own logo, title, and subtitle
  • Global and private tenants can be disabled now
  • The last selected tenant is stored in a cookie per user, and auto-selected upon next login
  • Display user information on tenant page
  • Experimental tenant filter: You can now optionally display a filter bar to filter the list of available tenants
  • Configuration checks: Check that multi-tenancy configuration on KI and ES match
  • Quick links to dashboards and visualizations on tenant page
  • Bugfix: Sort tenants
  • Bugfix: Redirect after login

In the next couple of days, we will discuss the Search Guard roadmap for Q2, and that’s where we need your input! What features would you like to see? What features can be improved? Where can we streamline the setup and configuration processes? Most likely we will set up a simple survey to gather your feedback and input and then rank and prioritize the features accordingly. We’ll keep you updated!

As always, thanks for your help & feedback!

Jochen and the Search Guard team


Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.

It builds on Search Guard SSL and provides pluggable auth/auth modules in addition.

Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.

Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.
floragunn GmbH is not affiliated with Elasticsearch BV.