Version: Search Guard 5 / This is an older version of Search Guard. Switch to Latest version

REST management API

This module adds the capability of managing users, roles, roles mapping and action groups via a REST Api.

Installation

Download the REST management API enterprise module from Maven Central:

Maven central

and place it in the folder

  • <ES installation directory>/plugins/search-guard-2

or

  • <ES installation directory>/plugins/search-guard-5

if you are using Search Guard 5.

Choose the module version matching your Elasticsearch version, and download the jar with dependencies.

After that, restart all nodes to activate the module.

Prerequisites

The Search Guard index can only be accessed with an admin certificate. This is the same certificate that you use when executing sgadmin.

In order for Search Guard to pick up this certificate on the REST layer, you need to set the clientauth_mode in elasticsearch.yml to either OPTIONAL or REQUIRE:

searchguard.ssl.http.clientauth_mode: OPTIONAL

If you plan to use the REST API via a browser, you will need to install the admin certificate in your browser. This varies from browser to browser, so please refer to the documentation of your browser-of-choice to learn how to do that.

For curl, you need to specify the admin certificate with it’s complete certificate chain, and also the key:

curl --insecure --cert chain.pem --key kirk.key.pem "<API Endpoint>"

If you use the example PKI scripts provided by Search Guard SSL, the kirk.key.pem is already generated for you. You can generate the chain file by cating the certificate and the ca chain file:

cd search-guard-sll
cat example-pki-scripts/kirk.crt.pem example-pki-scripts/ca/chain-ca.pem > chain.pem