I'm trying to use Kuzzle with X-pack authentication enabled on Elasticsearch.
I've tried looking through the documentation of Kuzzle and I'm assuming the X-pack password should be stored in the secrets vault and the configuration should be set in the .kuzzlerc
file.
I'd love an explanation of how to setup this. 😊
To achieve an X-Pack authentication to Elasticsearch you have to pass the credentials to the ES client constructor.
The .kuzzlerc
file can not be used with value from the Vault and you may not want to expose clear credentials here.
The best way to modify the client configuration is to use app.config.set method to inject your custom configuration:
app.config.set('services.storageEngine.client', {
node: 'http://elasticsearch:9200',
auth: {
username: 'elastic',
password: 'password',
}
});
The content of this object will be directly passed to the Javascript ES client constructor.
Since Kuzzle 2.10.2 you can use a value from the Vault before application startup and thus use it in the configuration.
app.config.set('services.storageEngine.client', {
node: 'http://elasticsearch:9200',
auth: {
username: 'elastic',
password: app.vault.elasticsearch.password,
}
});