From e6f304b599bcbfe706ff2f0682c67cfa155055bd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 4 Apr 2024 13:47:15 +0000 Subject: [PATCH] Add documentation for setting the OpenSearch keystore password (#6795) * Add documentation for setting the OpenSearch keystore password Signed-off-by: Craig Perkins * Verb tense Signed-off-by: Craig Perkins * Update opensearch-keystore.md * Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --------- Signed-off-by: Craig Perkins Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> (cherry picked from commit cc3c11f4020e508fecf60c020107c509a906d06a) Signed-off-by: github-actions[bot] --- .../configuration/opensearch-keystore.md | 38 +++++++++++++------ 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/_security/configuration/opensearch-keystore.md b/_security/configuration/opensearch-keystore.md index 8a6f3357df..3c78c9a8e3 100644 --- a/_security/configuration/opensearch-keystore.md +++ b/_security/configuration/opensearch-keystore.md @@ -48,7 +48,7 @@ The following examples provide the basic syntax for common `opensearch-keystore` ### Creating a new keystore -**Command** +The following command creates a new keystore: ```bash ./bin/opensearch-keystore create @@ -56,8 +56,6 @@ The following examples provide the basic syntax for common `opensearch-keystore` {% include copy.html %} If a keystore already exists, the script will ask whether you would like to overwrite the existing keystore. - -**Response** The script responds with a confirmation that the keystore was created: @@ -65,17 +63,37 @@ The script responds with a confirmation that the keystore was created: Created opensearch keystore in $OPENSEARCH_HOME/config/opensearch.keystore ``` +### Setting a keystore password + +The following command sets a new keystore password: + +```bash +./bin/opensearch-keystore passwd +``` +{% include copy.html %} + +If a keystore password already exists, the script will ask for the current keystore password before you can reset the password. + +**Response** + +The script responds with a confirmation that the keystore password was set successfully: + +```bash +OpenSearch keystore password changed successfully. +``` + +When starting OpenSearch you will be prompted to enter the keystore password. Alternatively, you can set the environment variable KEYSTORE_PASSWORD to avoid being prompted for password on startup. +{: .note} + ### Listing settings in the keystore -**Command** +The following commands list all setting currently in the keystore: ```bash ./bin/opensearch-keystore list ``` {% include copy.html %} -**Response** - The script responds with a list of settings in the keystore: ```bash @@ -85,26 +103,24 @@ plugins.security.ssl.http.pemkey_password_secure ### Adding a new setting +The following command adds a new keystore setting: + ```bash ./bin/opensearch-keystore add plugins.security.ssl.http.pemkey_password_secure ``` {% include copy.html %} -**Response** - After this command, you will be prompted to enter the secret key securely. ### Removing a setting -**Command** +The following command removes a keystore setting: ```bash ./bin/opensearch-keystore remove plugins.security.ssl.http.pemkey_password_secure ``` {% include copy.html %} -**Response** - No response exists for this command. To confirm that the setting was deleted, use `opensearch-keystore list`. ## KeyStore entries as OpenSearch settings