Reputation: 261
How to perform token authentication in elasticsearch?
I'm testing Elasticsearch in development mode with docker official image.
The basic install is based on X_pack and basic authentication.
Everything works fine by performing curl like:
curl -XPUT -u elastic:elasticpassword "http://localhost:9200/movies/movie/1" -d'
{
"title": "The Godfather",
"director": "Francis Ford Coppola",
"year": 1972, "user":"elastic", "password":"changeme"
}'
But is there a way to perform a token request (with user and password) and then query Elasticsearch with the token. Instead of having to specify user/password every time I perform a query?
Upvotes: 26
Views: 92589
Answers (4)
Reputation: 3606
curl -X GET --user myuser:mypassword "http://elasticsearch:9200/_cluster/health?pretty"
In my case above curl helped
{
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 16,
"active_shards" : 16,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Upvotes: 7
Reputation: 146
Further to Taran's answer, if you want to generate base64 token, you can do so by the following command:
echo -n 'username:pass' | openssl base64
Upvotes: 5
Reputation: 146510
The default X_Pack in docker image has Basic authentication enabled. Which is what your are using. The token for the same is base64(user:password). You can generate the same using http://base64encode.org and inputing :.
In curl there are two ways to call Basic auth URLs
curl -XPUT -u elastic:elasticpassword "http://localhost:9200/movies/movie/1" -d''
which you have already been using
curl -H "Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==" -XPUT "http://localhost:9200/movies/movie/1" -d'....'
Now if your problem is putting in this again and again then you better create a alias in your bash profile like below
alias curles='curl -u elastic:elasticpassword'
After that you can call your commands as below
curles -XPUT "http://localhost:9200/movies/movie/1" -d''
Upvotes: 35
Reputation: 101
Cutting out a lot of my original answer because you could argue it's all local, but leaving one major complaint about security here:
- Definitely don't go to base64encode.org and enter your username:password. The very fact that it is suggested here on StackOverflow makes that site now (sadly for the owners) and incredibly juicy hacking target to compromise since they know people are going there.
Upvotes: 13
Related Questions
- How I can get authentication token or do loging in Elastic Search using REST API? For example from POSTMAN
- How to fetch elasticsearch api with auth
- Add authentication in elasticsearch high level client for Java
- Authentication in Elasticsearch
- User authentication in Elasticsearch without third party tools
- How to authorize request in elastic search?
- Authentication in Elasticsearch using python
- Elasticsearch on AWS - Adding a Tokenizer
- How to setup a tokenizer in elasticsearch