Add documentation for setting the OpenSearch keystore password #6795

Merged
merged 5 commits into from
Apr 4, 2024
38 changes: 27 additions & 11 deletions _security/configuration/opensearch-keystore.md
Expand Up @@ -48,34 +48,52 @@ The following examples provide the basic syntax for common `opensearch-keystore`

### Creating a new keystore

**Command**
The following command creates a new keystore:

```bash
./bin/opensearch-keystore create
```
{% include copy.html %}

If a keystore already exists, the script will ask whether you would like to overwrite the existing keystore.

**Response**

The script responds with a confirmation that the keystore was created:

```bash
Created opensearch keystore in $OPENSEARCH_HOME/config/opensearch.keystore
```

### Setting a keystore password

The following command sets a new keystore password:

```bash
./bin/opensearch-keystore passwd
```
{% include copy.html %}

If a keystore password already exists, the script will ask for the current keystore password before you can reset the password.

**Response**

The script responds with a confirmation that the keystore password was set successfully:

```bash
OpenSearch keystore password changed successfully.
```

When starting OpenSearch you will be prompted to enter the keystore password. Alternatively, you can set the environment variable KEYSTORE_PASSWORD to avoid being prompted for password on startup.
{: .note}

### Listing settings in the keystore

**Command**
The following commands list all setting currently in the keystore:

```bash
./bin/opensearch-keystore list
```
{% include copy.html %}

**Response**

The script responds with a list of settings in the keystore:

```bash
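Review bot: the note under "Setting a keystore password" names KEYSTORE_PASSWORD as plain text and reads "prompted for password on startup"; put the variable in backticks (`KEYSTORE_PASSWORD`) and write "prompted for the password". Since the note presents the environment variable as an alternative to the interactive prompt, it should also tell the reader that the password is then held in the process environment, so they can choose between the two knowingly. Separately, in "Listing settings in the keystore", "The following commands list all setting currently in the keystore" introduces a single command and should read "The following command lists all settings currently in the keystore".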
Expand All @@ -85,26 +103,24 @@ plugins.security.ssl.http.pemkey_password_secure

### Adding a new setting

The following command adds a new keystore setting:

```bash
./bin/opensearch-keystore add plugins.security.ssl.http.pemkey_password_secure
```
{% include copy.html %}

**Response**

After this command, you will be prompted to enter the secret key securely.

### Removing a setting

**Command**
The following command removes a keystore setting:

```bash
./bin/opensearch-keystore remove plugins.security.ssl.http.pemkey_password_secure
```
{% include copy.html %}

**Response**

No response exists for this command. To confirm that the setting was deleted, use `opensearch-keystore list`.

## KeyStore entries as OpenSearch settings
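Review bot: in "Adding a new setting", the line "After this command, you will be prompted to enter the secret key securely" sits under a **Response** label but describes a prompt, and "secret key" is misleading when the example setting is `plugins.security.ssl.http.pemkey_password_secure`, which holds a password. Suggest "you will be prompted to enter the value for the setting" and either dropping the **Response** label here or describing what the script prints. The add and remove sections also do not say whether the keystore password from the new "Setting a keystore password" section is requested when these commands run against a password-protected keystore; one sentence on that would close the gap.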