The security of Elasticsearch Add-On for Heroku is described on the Elastic Cloud security page. In addition to the security provided by Elastic Cloud, you can take the following steps to secure your deployments:
Prevent unauthorized access with password protection and role-based access control:
- Use third-party authentication providers and services like SAML, OpenID Connect, or Kerberos to provide dynamic role mappings for role based or attribute based access control.
- Use Kibana Spaces and roles to secure access to Kibana.
- Authorize and authenticate service accounts for Beats by granting access using API keys.
- Roles can provide full, or read only, access to your data and can be created in Kibana or directly in Elasticsearch. Check defining roles for full details.
- Reset the
- Block unwanted traffic with traffic filter.
- Secure your settings with the Elasticsearch keystore.
In addition, we also enable encryption at rest (EAR) by default. Elasticsearch Add-On for Heroku supports EAR for both the data stored in your clusters and the snapshots we take for backup, on all cloud platforms and across all regions.