Message authentication verifies that a message has not been tampered with or corrupted in transit.
To enable message authentication:
ES_HOMEwithout any options:
This creates a system key file in
ES_HOME/config/shield/system_key. You can customize this file’s location by changing the value of the
- Copy the genererated system key to the rest of the nodes in the cluster.
The system key is a symmetric key, so the same key must be on every node in the cluster.
Now that you’ve enabled message authentication, you might also want to Enable Auditing to keep track of attempted and successful interactions with your Elasticsearch cluster.