habsi/elasticsearch-js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
80817a00f9c804c8b2dd1e77600c82fb6f168641
elasticsearch-js/docs/authentication.asciidoc
Tomas Della Vedova 9a9057db9e ApiKey should take precedence over basic auth (#1115) 
* ApiKey should take precedence over basic auth

* Updated docs

* Updated test
2020-03-13 13:34:47 +01:00

132 lines
3.6 KiB
Plaintext
Raw Blame History

[[auth-reference]]
== Authentication
This document contains code snippets to show you how to connect to various {es}
providers.
=== Elastic Cloud
If you are using https://www.elastic.co/cloud[Elastic Cloud], the client offers
an easy way to connect to it via the `cloud` option. You must pass the Cloud ID
that you can find in the cloud console, then your username and password inside
the `auth` option.
NOTE: When connecting to Elastic Cloud, the client will automatically enable
both request and response compression by default, since it yields significant
throughput improvements. Moreover, the client will also set the ssl option
`secureProtocol` to `TLSv1_2_method` unless specified otherwise. You can still
override this option by configuring them.
IMPORTANT: Do not enable sniffing when using Elastic Cloud, since the nodes are
behind a load balancer, Elastic Cloud will take care of everything for you.
[source,js]
----
const { Client } = require('@elastic/elasticsearch')
const client = new Client({
cloud: {
id: 'name:bG9jYWxob3N0JGFiY2QkZWZnaA==',
},
auth: {
username: 'elastic',
password: 'changeme'
}
})
----
=== Basic authentication
You can provide your credentials by passing the `username` and `password`
parameters via the `auth` option.
NOTE: If you provide both basic authentication credentials and the Api Key configuration, the Api Key will take precedence.
[source,js]
----
const { Client } = require('@elastic/elasticsearch')
const client = new Client({
node: 'https://localhost:9200',
auth: {
username: 'elastic',
password: 'changeme'
}
})
----
Otherwise, you can provide your credentials in the node(s) URL.
[source,js]
----
const { Client } = require('@elastic/elasticsearch')
const client = new Client({
node: 'https://username:password@localhost:9200'
})
----
=== ApiKey authentication
You can use the
https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-create-api-key.html[ApiKey]
authentication by passing the `apiKey` parameter via the `auth` option. The
`apiKey` parameter can be either a base64 encoded string or an object with the
values that you can obtain from the
https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-create-api-key.html[create api key endpoint].
NOTE: If you provide both basic authentication credentials and the Api Key configuration, the Api Key will take precedence.
[source,js]
----
const { Client } = require('@elastic/elasticsearch')
const client = new Client({
node: 'https://localhost:9200',
auth: {
apiKey: 'base64EncodedKey'
}
})
----
[source,js]
----
const { Client } = require('@elastic/elasticsearch')
const client = new Client({
node: 'https://localhost:9200',
auth: {
apiKey: {
id: 'foo',
api_key: 'bar'
}
}
})
----
=== SSL configuration
Without any additional configuration you can specify `https://` node urls, but
the certificates used to sign these requests will not verified
(`rejectUnauthorized: false`). To turn on certificate verification, you must
specify an `ssl` object either in the top level config or in each host config
object and set `rejectUnauthorized: true`. The ssl config object can contain
many of the same configuration options that
https://nodejs.org/api/tls.html#tls_tls_connect_options_callback[tls.connect()]
accepts.
[source,js]
----
const { Client } = require('@elastic/elasticsearch')
const client = new Client({
node: 'http://localhost:9200',
auth: {
username: 'elastic',
password: 'changeme'
},
ssl: {
ca: fs.readFileSync('./cacert.pem'),
rejectUnauthorized: true
}
})
----
Reference in New Issue View Git Blame Copy Permalink