What security features does Elasticsearch provide?
Answer
Elasticsearch 8.x enables security by default. Transport layer security (TLS) encrypts all node-to-node and client-to-node communication. Authentication supports native users (built-in user database), LDAP/Active Directory integration, SAML, OpenID Connect, PKI certificates, and API keys. Role-based access control (RBAC) controls which indices users can access and what operations they can perform (read, write, manage). Field-level security (FLS) restricts which fields a user can see within a document: a user whose role uses FLS to exclude the salary field simply won't see that field in results. Document-level security (DLS) restricts which documents a user can see using a query filter, e.g., a user can only see documents where department: "engineering". Audit logging records all security-relevant events for compliance. For service-to-service authentication, use API keys scoped to the minimum privileges required.