elasticsearch-users

Manage file-based Elasticsearch users

TLDR

List users

$ elasticsearch-users list

Add a user

$ elasticsearch-users useradd [username] -p [password] -r [roles]

Delete a user

$ elasticsearch-users userdel [username]

Change password

$ elasticsearch-users passwd [username]

Add role to user

$ elasticsearch-users roles [username] -a [role]

Remove role from user

$ elasticsearch-users roles [username] -r [role]

SYNOPSIS

elasticsearch-users command [options]

elasticsearch-users manages file-based users for Elasticsearch's native realm. These users are stored locally in the node's configuration directory and don't require an external authentication system. The tool is part of the Elasticsearch security features.When listing users, only those registered on the local node are shown. In a multi-node cluster, file-based users must be managed on each node separately.

PARAMETERS

-p pass

User password (must be at least 6 characters). If omitted, prompts interactively.

-r roles

Comma-separated list of roles. With useradd, assigns roles. With roles, removes roles.

-a roles

Add comma-separated roles (used with roles subcommand).

SUBCOMMANDS

useradd

Add a user.

userdel

Delete a user.

passwd

Change password.

roles

Manage user roles.

list

List users.

CAVEATS

Users are stored in config/users and roles in config/users_roles. Changes apply only to the local node; synchronize these files across cluster nodes manually. Requires the X-Pack security features to be enabled.

HISTORY

elasticsearch-users ships with Elasticsearch's security features (originally part of the commercial X-Pack plugin, made free under the Basic license in Elasticsearch 6.8/7.1). It provides lightweight authentication without requiring LDAP, Active Directory, or other external realms.