elasticsearch-reset-password

Reset the password of the user to an auto-generated value and print it in the console

$ elasticsearch-reset-password [[-u|--username]] [user]

$ elasticsearch-reset-password [[-u|--username]] [user] [[-i|--interactive]]

$ elasticsearch-reset-password --url [host]:[port] [[-u|--username]] [user] [[-i|--interactive]]

elasticsearch-reset-password [-h] [--help] [-s] [--silent] [-i] [--interactive] [-x] [--execute] [-u USERNAME] [--user USERNAME] [usernames ...]

-h, --help
    Show help message and exit

-i, --interactive
    Prompt interactively for new password

-s, --silent
    Reset without confirmation prompt

-x, --execute
    Execute even if Elasticsearch unavailable

-u USERNAME, --user USERNAME
    Specify user(s) to reset (repeatable)

usernames
    Additional users to reset password for

The elasticsearch-reset-password command is a utility provided with Elasticsearch installations (version 7.13+ with security enabled, default in 8.0+). It securely resets the password for the built-in elastic superuser or other specified users. By default, it generates a cryptographically secure random password and outputs it to the console or a file.

Use it during initial setup after installation, when the bootstrap password is lost, or to rotate credentials. The command connects to the local Elasticsearch node via HTTP to update the password. It supports interactive mode for manual password entry, silent execution without confirmation, and operation even if the cluster is unavailable (for initial bootstrap).

Run it from the Elasticsearch bin directory as the elasticsearch user, ensuring the ES_PATH_CONF environment is set. It requires security features enabled in elasticsearch.yml. After reset, update any clients or Kibana with the new password.

This tool enhances security by avoiding weak default passwords and automating strong generation.

Requires security enabled; run as elasticsearch user from bin/; outputs password—store securely; cluster must be accessible unless -x used; not for remote nodes.

elasticsearch-reset-password # Auto-generates elastic password
elasticsearch-reset-password -i # Interactive prompt
elasticsearch-reset-password -u kibana_system -s # Silent reset for specific user

Prints new password to stdout; use > file.txt to save securely.

Introduced in Elasticsearch 7.13 for elastic password reset; became essential in 8.0 with default security enabled, replacing manual bootstrap password handling.

elasticsearch-create-enrollment-token(1), elasticsearch-certutil(1), passwd(1)