Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify the intended usage of service-tokens CLI #83491

Closed
ywangd opened this issue Feb 4, 2022 · 3 comments · Fixed by #96091
Closed

Clarify the intended usage of service-tokens CLI #83491

ywangd opened this issue Feb 4, 2022 · 3 comments · Fixed by #96091
Assignees
@ywangd
Labels
>docs General docs changes :Security/Security Security issues without another label Team:Security Meta label for security team

Comments

@ywangd
Copy link
Member

ywangd commented Feb 4, 2022

The documentation around Service Accounts needs more clarification on how and when to use the elasticsearch-service-tokens CLI.

Currently, it is not clear that the CLI generates token on the single node where the it runs. It also generates different token each time it runs. As such, the CLI is more suitable to be part of an orchestration flow. That is, using it to prepare a service token that can be used on all nodes in a cluster needs roughly the following steps:

  1. Run the CLI to generate the service token on one node.
  2. Copy the service_tokens file generated in the previous step to all other nodes of the cluster.

Alternatively, the CreateServiceToken API can be used to generate a service token that is automatically usable on all nodes (similar to how CreateUser API works).
@ywangd ywangd added >docs General docs changes :Security/Security Security issues without another label labels Feb 4, 2022
@elasticmachine elasticmachine added Team:Docs Meta label for docs team Team:Security Meta label for security team labels Feb 4, 2022
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-docs (Team:Docs)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@ywangd ywangd self-assigned this Feb 4, 2022
@rsaeks
Copy link

rsaeks commented Feb 4, 2022

Thanks for clarifying! The API route works successfully!

@lockewritesdocs lockewritesdocs removed the Team:Docs Meta label for docs team label Apr 27, 2022
@tvernum tvernum mentioned this issue May 15, 2023
Merged
elasticsearchmachine pushed a commit that referenced this issue May 16, 2023
@tvernum
[DOCS] Recommend API service tokens (over file) (#96091)
5e2c7d5 
File based service tokens were added to support orchestration
requirements in environments such as ECE and ECK. Outside of these
environments we recommend that API based tokens are used instead.

Resolves: #83491
tvernum added a commit to tvernum/elasticsearch that referenced this issue May 16, 2023
@tvernum
[DOCS] Recommend API service tokens (over file) (elastic#96091)
99320d9 
File based service tokens were added to support orchestration
requirements in environments such as ECE and ECK. Outside of these
environments we recommend that API based tokens are used instead.

Resolves: elastic#83491
tvernum added a commit to tvernum/elasticsearch that referenced this issue May 16, 2023
@tvernum
[DOCS] Recommend API service tokens (over file) (elastic#96091)
7be9b7d 
File based service tokens were added to support orchestration
requirements in environments such as ECE and ECK. Outside of these
environments we recommend that API based tokens are used instead.

Resolves: elastic#83491
tvernum added a commit to tvernum/elasticsearch that referenced this issue May 16, 2023
@tvernum
[DOCS] Recommend API service tokens (over file) (elastic#96091)
2f13f72 
File based service tokens were added to support orchestration
requirements in environments such as ECE and ECK. Outside of these
environments we recommend that API based tokens are used instead.

Resolves: elastic#83491
elasticsearchmachine pushed a commit that referenced this issue May 16, 2023
@tvernum
[DOCS] Recommend API service tokens (over file) (#96091) (#96119)
b1a0479 
File based service tokens were added to support orchestration
requirements in environments such as ECE and ECK. Outside of these
environments we recommend that API based tokens are used instead.

Resolves: #83491
elasticsearchmachine pushed a commit that referenced this issue May 16, 2023
@tvernum
[DOCS] Recommend API service tokens (over file) (#96091) (#96120)
d869b47 
File based service tokens were added to support orchestration
requirements in environments such as ECE and ECK. Outside of these
environments we recommend that API based tokens are used instead.

Resolves: #83491
elasticsearchmachine pushed a commit that referenced this issue May 16, 2023
@tvernum
[DOCS] Recommend API service tokens (over file) (#96091) (#96121)
19d6efa 
File based service tokens were added to support orchestration
requirements in environments such as ECE and ECK. Outside of these
environments we recommend that API based tokens are used instead.

Resolves: #83491
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ywangd ywangd

Labels
>docs General docs changes :Security/Security Security issues without another label Team:Security Meta label for security team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[DOCS] Recommend API service tokens (over file) tvernum/elasticsearch
4 participants
@rsaeks @ywangd @elasticmachine @lockewritesdocs