The elasticsearch-setup-passwords command sets the passwords for the built-in users.


bin/elasticsearch-setup-passwords auto|interactive
[-b, --batch] [-h, --help] [-E <KeyValuePair>]
[-s, --silent] [-u, --url "<URL>"] [-v, --verbose]


This command is intended for use only during the initial configuration of the Elasticsearch security features. It uses the elastic bootstrap password to run user management API requests. If your Elasticsearch keystore is password protected, before you can set the passwords for the built-in users, you must enter the keystore password. After you set a password for the elastic user, the bootstrap password is no longer active and you cannot use this command. Instead, you can change passwords by using the Management > Users UI in Kibana or the Change Password API.

This command uses an HTTP connection to connect to the cluster and run the user management requests. If your cluster uses TLS/SSL on the HTTP layer, the command automatically attempts to establish the connection by using the HTTPS protocol. It configures the connection by using the xpack.security.http.ssl settings in the elasticsearch.yml file. If you do not use the default config directory location, ensure that the ES_PATH_CONF environment variable returns the correct path before you run the elasticsearch-setup-passwords command. You can override settings in your elasticsearch.yml file by using the -E command option. For more information about debugging connection failures, see Setup-passwords command fails due to connection failure.


Outputs randomly-generated passwords to the console.
-b, --batch
If enabled, runs the change password process without prompting the user.
-E <KeyValuePair>
Configures a standard Elasticsearch or X-Pack setting.
-h, --help
Shows help information.
Prompts you to manually enter passwords.
-s, --silent
Shows minimal output.
-u, --url "<URL>"
Specifies the URL that the tool uses to submit the user management API requests. The default value is determined from the settings in your elasticsearch.yml file. If xpack.security.http.ssl.enabled is set to true, you must specify an HTTPS URL.
-v, --verbose
Shows verbose output.


The following example uses the -u parameter to tell the tool where to submit its user management API requests:

bin/elasticsearch-setup-passwords auto -u "http://localhost:9201"