The Shield security plugin uses the following files:
CONFIG_DIR/shield/roles.yml defines the roles in use on the cluster (read more here).
CONFIG_DIR/shield/users defines the hashed passwords for users on the cluster (read more here).
CONFIG_DIR/shield/users_roles defines the role assignments for users on the cluster (read more here).
CONFIG_DIR/shield/role_mapping.yml defines the mapping of a Distinguished Name (DN) to a role. This allows for LDAP and Active Directory groups and users and PKI users to be mapped to roles (read more here).
CONFIG_DIR/shield/logging.yml contains audit information (read more here).
CONFIG_DIR/shield/system_key holds a cluster secret key that’s used to authenticate messages during node-to-node communication. For more information, see Enabling Message Authentication.
Any files that Shield uses must be stored in the Elasticsearch configuration directory. Elasticsearch runs with restricted permissions and is only permitted to read from the locations configured in the directory layout for enhanced security.
Several of these files are in the YAML format. When you edit these files, be aware that YAML is indentation-level sensitive and indentation errors can lead to configuration errors. Do not use the tab character to set indentation levels, or use an editor that automatically expands tabs to spaces.
Be careful to properly escape YAML constructs such as : or leading exclamation points within quoted strings. Using > characters to define block literals instead of escaping the problematic characters can help avoid
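The following is an added example, not part of the Shield documentation: a heuristic pre-deployment check for the two YAML pitfalls described above (tab indentation, and unquoted values with a leading exclamation point or an embedded colon). The function name `lint_yaml`, the issue labels, and the sample DNs and role names are assumptions made for illustration.

```python
import re

# Constructed sample shaped like a role mapping file; DNs and roles are made up.
SAMPLE = "\n".join([
    'admin:',
    '  - "cn=admins,dc=example,dc=com"',
    '\t- "cn=ops,dc=example,dc=com"',        # tab used for indentation
    'user:',
    '  - !cn=temp,dc=example,dc=com',         # "!" would be read as a YAML tag
    '  - cn=John: Smith,dc=example,dc=com',   # ": " silently turns this into a mapping
    '  - "cn=Jane: Doe,dc=example,dc=com"',   # quoted, so the colon is harmless
    'note: >',
    '  free text: with ! and colons',         # block scalar content is literal
])

ITEM = re.compile(r"-\s+(.*)$")               # "- value" list entry
PAIR = re.compile(r"[^\s:][^:]*:\s+(.*)$")    # "key: value" entry
BLOCK = re.compile(r"[>|][+-]?\d?$")          # block scalar indicator

def lint_yaml(text):
    """Return (line_number, issue) pairs. Heuristic only, not a YAML parser:
    a list of inline mappings ("- key: value") would also be flagged."""
    findings, block_indent = [], None
    for n, line in enumerate(text.splitlines(), 1):
        body = line.lstrip()
        indent = line[:len(line) - len(body)]
        if not body.strip() or body.startswith("#"):
            continue
        if block_indent is not None:
            if len(indent) > block_indent:
                continue                      # still inside the block scalar
            block_indent = None
        if "\t" in indent:
            findings.append((n, "tab-indent"))
        m = ITEM.match(body) or PAIR.match(body)
        value = m.group(1).strip() if m else ""
        if BLOCK.match(value):
            block_indent = len(indent)
        elif value.startswith("!"):
            findings.append((n, "unquoted-bang"))
        elif value and value[0] not in "\"'" and (": " in value or value.endswith(":")):
            findings.append((n, "unquoted-colon"))
    return findings

if __name__ == "__main__":
    for lineno, issue in lint_yaml(SAMPLE):
        print(f"line {lineno}: {issue}")
```

Running a check like this before restarting a node catches the case where a DN containing a colon parses without error but maps to the wrong structure, which would otherwise surface only as users missing their expected roles.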