From 42a8d7f2a13f9e5d12b196506a78dcaadc8a841e Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 27 Mar 2024 09:11:08 -0400 Subject: [PATCH 1/4] Add documentation for setting the OpenSearch keystore password Signed-off-by: Craig Perkins --- .../configuration/opensearch-keystore.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/_security/configuration/opensearch-keystore.md b/_security/configuration/opensearch-keystore.md index 8a6f3357df..612b839499 100644 --- a/_security/configuration/opensearch-keystore.md +++ b/_security/configuration/opensearch-keystore.md @@ -65,6 +65,28 @@ The script responds with a confirmation that the keystore was created: Created opensearch keystore in $OPENSEARCH_HOME/config/opensearch.keystore ``` +### Setting a keystore password + +**Command** + +```bash +./bin/opensearch-keystore passwd +``` +{% include copy.html %} + +If a keystore password already exists, the script will ask for the current password before you can reset the password. + +**Response** + +The script responds with a confirmation that the keystore password was set successfully: + +```bash +OpenSearch keystore password changed successfully. +``` + +When starting OpenSearch you will be prompted to enter the keystore password. Alternatively, you can set the environment variable KEYSTORE_PASSWORD to avoid be prompted for password on startup. +{: .note} + ### Listing settings in the keystore **Command** From 543f6ffb40c224d7cda7c6f962446779570ee887 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 27 Mar 2024 09:13:02 -0400 Subject: [PATCH 2/4] Verb tense Signed-off-by: Craig Perkins --- _security/configuration/opensearch-keystore.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/opensearch-keystore.md b/_security/configuration/opensearch-keystore.md index 612b839499..2532cf7dee 100644 --- a/_security/configuration/opensearch-keystore.md +++ b/_security/configuration/opensearch-keystore.md @@ -84,7 +84,7 @@ The script responds with a confirmation that the keystore password was set succe OpenSearch keystore password changed successfully. ``` -When starting OpenSearch you will be prompted to enter the keystore password. Alternatively, you can set the environment variable KEYSTORE_PASSWORD to avoid be prompted for password on startup. +When starting OpenSearch you will be prompted to enter the keystore password. Alternatively, you can set the environment variable KEYSTORE_PASSWORD to avoid being prompted for password on startup. {: .note} ### Listing settings in the keystore From 0215b708a934aae479b989fad7353c21721b1ddd Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Wed, 3 Apr 2024 17:13:16 -0500 Subject: [PATCH 3/4] Update opensearch-keystore.md --- .../configuration/opensearch-keystore.md | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/_security/configuration/opensearch-keystore.md b/_security/configuration/opensearch-keystore.md index 2532cf7dee..06494dcefb 100644 --- a/_security/configuration/opensearch-keystore.md +++ b/_security/configuration/opensearch-keystore.md @@ -48,7 +48,7 @@ The following examples provide the basic syntax for common `opensearch-keystore` ### Creating a new keystore -**Command** +The following command creates a new OpenSearch Keystore: ```bash ./bin/opensearch-keystore create @@ -56,8 +56,6 @@ The following examples provide the basic syntax for common `opensearch-keystore` {% include copy.html %} If a keystore already exists, the script will ask whether you would like to overwrite the existing keystore. - -**Response** The script responds with a confirmation that the keystore was created: @@ -67,14 +65,14 @@ Created opensearch keystore in $OPENSEARCH_HOME/config/opensearch.keystore ### Setting a keystore password -**Command** +The following command sets a new keystore password: ```bash ./bin/opensearch-keystore passwd ``` {% include copy.html %} -If a keystore password already exists, the script will ask for the current password before you can reset the password. +If a keystore password already exists, the script will ask for the current keystore password before you can reset the password. **Response** @@ -89,15 +87,13 @@ When starting OpenSearch you will be prompted to enter the keystore password. Al ### Listing settings in the keystore -**Command** +The following commands list all setting currently in the keystore: ```bash ./bin/opensearch-keystore list ``` {% include copy.html %} -**Response** - The script responds with a list of settings in the keystore: ```bash @@ -107,26 +103,24 @@ plugins.security.ssl.http.pemkey_password_secure ### Adding a new setting +The following command adds a new keystore setting: + ```bash ./bin/opensearch-keystore add plugins.security.ssl.http.pemkey_password_secure ``` {% include copy.html %} -**Response** - After this command, you will be prompted to enter the secret key securely. ### Removing a setting -**Command** +The following command removes a keystore setting: ```bash ./bin/opensearch-keystore remove plugins.security.ssl.http.pemkey_password_secure ``` {% include copy.html %} -**Response** - No response exists for this command. To confirm that the setting was deleted, use `opensearch-keystore list`. ## KeyStore entries as OpenSearch settings From 11ae315affae50ae33cd69ff2427e148e075a04c Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Thu, 4 Apr 2024 08:39:52 -0500 Subject: [PATCH 4/4] Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/configuration/opensearch-keystore.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/configuration/opensearch-keystore.md b/_security/configuration/opensearch-keystore.md index 06494dcefb..3c78c9a8e3 100644 --- a/_security/configuration/opensearch-keystore.md +++ b/_security/configuration/opensearch-keystore.md @@ -48,7 +48,7 @@ The following examples provide the basic syntax for common `opensearch-keystore` ### Creating a new keystore -The following command creates a new OpenSearch Keystore: +The following command creates a new keystore: ```bash ./bin/opensearch-keystore create