elastic user password reset CLI tool #70113
Comments
Pinging @elastic/es-security (Team:Security)
I like the proposal! Should it check and use the bootstrap password if not already used? It could be a good unified way to set up the The file realm approach requires that the user running the tool has write access to
What would you see as the benefit that would justify this added complexity @bytebilly? The suggested approach would work fine whether or not the bootstrap password is already used / the
Agreed! I mentioned that above in
and we'll make sure this is called out in the docs and a helpful message is thrown if this is not the case in runtime
Good point. It would work even in cases that the file realm is disabled, but use cases are probably very limited. No need to add complexity.
Oh yes that's what I was meaning, making it clear to the final user
Aha, now I got you, that's a valid point. As you mention too, this would only cover the use case where the file realm is disabled and the elastic password hasn't already been set via some means. Given that a) the file realm can be enabled (albeit with a node restart required), b) we are moving towards having the elastic password set by default, c) the file realm always being enabled unless explicitly disabled, I don't think it justifies the effort to cater for that use case.
This change introduces a new CLI tool that allows users to reset the password for the elastic user, setting it to a user defined or an auto-generated value. Resolves: elastic#70113
It would be beneficial for our users to offer a simple solution for resetting the password of the elastic built-in user.
Requirements
Suggested Solution
We can offer a CLI tool for this purpose. The tool can depend on the file realm and codify the suggested approach we have even now for these kinds of situations where users have lost the password for the elastic user. The flow can be similar to:
bin/elasticsearch-tool-name, optionally specifying the requested password value
superuser and adds that to the file realm.
elastic user to the requested value
Requirements satisfied