Module org.elasticsearch.server
Class LocallyMountedSecrets
java.lang.Object
org.elasticsearch.common.settings.LocallyMountedSecrets
- All Implemented Interfaces:
Closeable,AutoCloseable,Writeable,SecureSettings
An implementation of
SecureSettings which loads the secrets from
externally mounted local directory. It looks for the folder called 'secrets'
under the config directory. All secure settings should be supplied in a single
file called 'secrets.json' which sits inside the 'secrets' directory.
If the 'secrets' directory or the 'secrets.json' file don't exist, the SecureSettings implementation is loaded with empty settings map.
Example secrets.json format: { "metadata": { "version": "1", "compatibility": "8.7.0" }, "string_secrets": { "secure.setting.key.one": "aaa", "secure.setting.key.two": "bbb" } "file_secrets": { "secure.setting.key.three": "Y2Nj" } }
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.common.io.stream.Writeable
Writeable.Reader<V>, Writeable.Writer<V> -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final ParseFieldstatic final ParseFieldstatic final Stringstatic final Stringstatic final ParseField -
Constructor Summary
ConstructorsConstructorDescriptionUsed byServerArgsto deserialize the secrets when they are received by the Elasticsearch process.LocallyMountedSecrets(Environment environment) Direct constructor to be used by the CLI -
Method Summary
Modifier and TypeMethodDescriptionvoidclose()Return a file setting.Returns the names of all secure settings available.byte[]getSHA256Digest(String setting) Return a string setting.longReturns version number from the secrets filebooleanisLoaded()Returns true iff the settings are loaded and retrievable.static PathresolveSecretsDir(Environment environment) Resolve a secrets directory path given an environmentstatic PathresolveSecretsFile(Environment environment) Resolve a secure settings file path given an environmentvoidwriteTo(StreamOutput out) Write this into the StreamOutput.
-
Field Details
-
SECRETS_FILE_NAME
- See Also:
-
SECRETS_DIRECTORY
- See Also:
-
STRING_SECRETS_FIELD
-
FILE_SECRETS_FIELD
-
METADATA_FIELD
-
-
Constructor Details
-
LocallyMountedSecrets
Direct constructor to be used by the CLI -
LocallyMountedSecrets
Used byServerArgsto deserialize the secrets when they are received by the Elasticsearch process. The ServerCli code serializes the secrets as part of ServerArgs.- Throws:
IOException
-
-
Method Details
-
resolveSecretsDir
Resolve a secrets directory path given an environment- Parameters:
environment- Elasticsearch environment- Returns:
- Secrets directory within an Elasticsearch environment
-
resolveSecretsFile
Resolve a secure settings file path given an environment- Parameters:
environment- Elasticsearch environment- Returns:
- Secure settings file within an Elasticsearch environment
-
writeTo
Description copied from interface:WriteableWrite this into the StreamOutput.- Specified by:
writeToin interfaceWriteable- Throws:
IOException
-
isLoaded
public boolean isLoaded()Description copied from interface:SecureSettingsReturns true iff the settings are loaded and retrievable.- Specified by:
isLoadedin interfaceSecureSettings
-
getSettingNames
Description copied from interface:SecureSettingsReturns the names of all secure settings available.- Specified by:
getSettingNamesin interfaceSecureSettings
-
getString
Description copied from interface:SecureSettingsReturn a string setting. TheSecureStringshould be closed once it is used.- Specified by:
getStringin interfaceSecureSettings
-
getFile
Description copied from interface:SecureSettingsReturn a file setting. TheInputStreamshould be closed once it is used.- Specified by:
getFilein interfaceSecureSettings- Throws:
GeneralSecurityException
-
getSHA256Digest
- Specified by:
getSHA256Digestin interfaceSecureSettings- Throws:
GeneralSecurityException
-
getVersion
public long getVersion()Returns version number from the secrets file -
close
- Specified by:
closein interfaceAutoCloseable- Specified by:
closein interfaceCloseable- Specified by:
closein interfaceSecureSettings- Throws:
IOException
-