Version: SG FLX

Search Guard configuration overview

Most configuration settings for Search Guard - including users, roles and permissions - are stored as documents in the Search Guard configuration index and can be manipulated only using the sgctl tool, API or the Search Guard Configuration UI.

This index is secured so that only an admin user with an admin TLS certificate may write or read this index. Admin certificates are configured in elasticsearch.yml.

Keeping the configuration settings in an Elasticsearch index enables hot config reloading. This means that you can change any of the user, role and permission or authentication settings at runtime, without restarting your nodes. Configuration changes will take effect immediately.

You can load and change the settings from any machine which has access to your Elasticsearch cluster. You do not need to keep any configuration files on the nodes.

The core configuration consists of the following files:

If you are running Kibana you might also need the following configuration:

For special features or configuration, you have also the following files:

  • sg_authz.yml: authorization-specific settings
  • sg_auth_token_service.yml: API auth token service
  • sg_blocks.yml: defines blocked users and IP addresses

Configuration settings are applied by pushing the content of one or more configuration files to the Search Guard secured cluster by using the sgctl tool. For details, refer to the sgctl docs.

Not what you were looking for? Try the search.