Security for Elasticsearch
Protect your Data with Shield
With the rapid adoption of Elasticsearch, it is easier than ever to store, search, and analyze your data. Shield allows you to easily protect this data with a username and password, while simplifying your architecture. Advanced security features like encryption, role-based access control, IP filtering, and auditing are also available when you need them.
Your data is increasingly your most valuable asset. Password protect it with Shield.
Get Product Updates
Shield now provides security for the entire Elastic Stack by including a Kibana plugin that features a login screen and session support. Notable recent features also include a configuration API, field- and document-level security, and an extensible realm framework enabling custom integrations. Learn more.
Authentication: Protect Elasticsearch with a Username and Password
Your data is the lifeblood of your business; protecting it from unintentional modification or unauthorized access is a priority. Shield makes it easy to password protect your Elasticsearch cluster. Active Directory and LDAP support is included.
Login and Session Management in Kibana
Shield contains a Kibana plugin that provides user authentication and session support, making it easier than ever to fully protect Kibana.
Simplify Your Architecture with Integrated Protection
Avoid building, maintaining, and testing an external security solution. Shield is tightly integrated with Elasticsearch, verifying every request and offering the best performance without sacrificing security. Your time should be spent building your application or analyzing your data, not worrying about security.
Role-Based Access Control: Give the Right Access to the Right People
Shield lets you configure who can do what within your Elasticsearch cluster. Create a monitoring account for the IT/Operations team, which can see cluster health, but cannot access any data. Grant read-only access to your Kibana users, or even support multitenancy by granting access only to specific indexes.
Field- and Document-Level Security
Get granular with your role-based access control in Elasticsearch. Shield lets you restrict access to individual fields in Elasticsearch and prevents users accessing to sensitive documents with true document-level security.
Encrypted Communications & IP Filtering: Protect Your Data on the Wire
SSL/TLS encryption is the best way to protect your data in flight. Shield makes it easy to prevent snooping or tampering by encrypting both node-to-node and client communications. Shield also allows you to prevent unapproved hosts from joining or communicating with your cluster using IP filtering.
Audit Logging: Track All Attempts to Access Elasticsearch
Shield helps you meet and exceed a variety of security regulations and requirements. Whether it’s HIPAA, PCI DSS, FISMA, ISO, or your internal policies, Shield has you covered with a complete record of all system and user activity.