API Keys and Audit Logging
Secure programmatic access with scoped API keys instead of passwords, and prove who did what by enabling and reading the Elasticsearch audit log.
Beyond Passwords
Applications should not authenticate with a human's username and password. Elasticsearch provides API keys: scoped, revocable credentials ideal for services. Pair them with audit logging to track every security-relevant action.
What Is an API Key
An API key is a credential tied to a set of permissions, with an optional expiration. It can be limited to a subset of the creating user's privileges, following the principle of least privilege.
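An added example (not part of the original lesson) of reading the audit log to attribute actions to an API key rather than to a human account: it parses JSON audit lines, groups events by principal, and collects every denied action. The log lines are constructed samples that use Elasticsearch's audit field names (event.action, authentication.type, apikey.id); the key ID, key name, users and addresses are invented, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample lines shaped like Elasticsearch's JSON audit log.
# Every value (key IDs, users, addresses) is invented for this example.
SAMPLE_AUDIT_LOG = """\
{"type":"audit","@timestamp":"2024-05-01T10:00:00,000+0000","event.type":"rest","event.action":"authentication_success","authentication.type":"API_KEY","user.name":"svc_owner","apikey.id":"EXAMPLE_KEY_ID_1","apikey.name":"orders-reader","origin.address":"10.0.0.5:40212"}
{"type":"audit","@timestamp":"2024-05-01T10:00:01,000+0000","event.type":"transport","event.action":"access_granted","authentication.type":"API_KEY","user.name":"svc_owner","apikey.id":"EXAMPLE_KEY_ID_1","action":"indices:data/read/search","indices":["orders"]}
{"type":"audit","@timestamp":"2024-05-01T10:00:02,000+0000","event.type":"transport","event.action":"access_denied","authentication.type":"API_KEY","user.name":"svc_owner","apikey.id":"EXAMPLE_KEY_ID_1","action":"indices:admin/delete","indices":["orders"]}
{"type":"audit","@timestamp":"2024-05-01T10:05:00,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"alice","origin.address":"10.0.0.9:51544"}
not-json: truncated line
"""


def principal(event):
    """Attribute an event to the API key if one was used, else to the user."""
    if event.get("authentication.type") == "API_KEY" or "apikey.id" in event:
        return "apikey:" + event.get("apikey.id", "unknown")
    return "user:" + event.get("user.name", "unknown")


def summarize(log_text):
    """Count audit events per principal and list what each was denied."""
    summary = defaultdict(lambda: {"events": defaultdict(int), "denied": []})
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(event, dict) or event.get("type") != "audit":
            continue
        entry = summary[principal(event)]
        action = event.get("event.action", "unknown")
        entry["events"][action] += 1
        if action == "access_denied":
            # A scoped key that tries something outside its role shows up here.
            entry["denied"].append(
                (event.get("action"), tuple(event.get("indices", [])))
            )
    return summary


if __name__ == "__main__":
    for who, entry in summarize(SAMPLE_AUDIT_LOG).items():
        print(who, dict(entry["events"]), entry["denied"])
```

A denied action recorded against a key ID is a signal either that the key's scope is too narrow for its service or that the key is being used for something it was never issued for.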