Module org.elasticsearch.server

Package org.elasticsearch.common.settings

Class LocallyMountedSecrets

java.lang.Object

org.elasticsearch.common.settings.LocallyMountedSecrets

All Implemented Interfaces:

Closeable, AutoCloseable, Writeable, SecureSettings

public class LocallyMountedSecrets
extends Object
implements SecureSettings

An implementation of SecureSettings which loads the secrets from externally mounted local directory. It looks for the folder called 'secrets' under the config directory. All secure settings should be supplied in a single file called 'secrets.json' which sits inside the 'secrets' directory.

If the 'secrets' directory or the 'secrets.json' file don't exist, the SecureSettings implementation is loaded with empty settings map.

Example secrets.json format: { "metadata": { "version": "1", "compatibility": "8.7.0" }, "secrets": { "secure.setting.key.one": "aaa", "secure.setting.key.two": "bbb" } }

Nested Class Summary

Nested classes/interfaces inherited from interface org.elasticsearch.common.io.stream.Writeable

Writeable.Reader<V>, Writeable.Writer<V>

Field Summary

Fields

Modifier and Type	Field	Description
static final ParseField	METADATA_FIELD
static final String	SECRETS_DIRECTORY
static final ParseField	SECRETS_FIELD
static final String	SECRETS_FILE_NAME

Constructor Summary

Constructors

Constructor	Description
LocallyMountedSecrets(StreamInput in)	Used by ServerArgs to deserialize the secrets when they are received by the Elasticsearch process.
LocallyMountedSecrets(Environment environment)	Direct constructor to be used by the CLI

Method Summary

Modifier and Type	Method	Description
void	close()
InputStream	getFile(String setting)	Return a file setting.
Set<String>	getSettingNames()	Returns the names of all secure settings available.
byte[]	getSHA256Digest(String setting)
SecureString	getString(String setting)	Return a string setting.
boolean	isLoaded()	Returns true iff the settings are loaded and retrievable.
static Path	resolveSecretsDir(Environment environment)	Resolve a secrets directory path given an environment
static Path	resolveSecretsFile(Environment environment)	Resolve a secure settings file path given an environment
void	writeTo(StreamOutput out)	Write this into the StreamOutput.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SECRETS_FILE_NAME

public static final String SECRETS_FILE_NAME

See Also:

• Constant Field Values

SECRETS_DIRECTORY

public static final String SECRETS_DIRECTORY

See Also:

• Constant Field Values

SECRETS_FIELD

public static final ParseField SECRETS_FIELD

METADATA_FIELD

public static final ParseField METADATA_FIELD

Constructor Details

LocallyMountedSecrets

public LocallyMountedSecrets(Environment environment)

Direct constructor to be used by the CLI

LocallyMountedSecrets

public LocallyMountedSecrets(StreamInput in)
                      throws IOException

Used by ServerArgs to deserialize the secrets when they are received by the Elasticsearch process. The ServerCli code serializes the secrets as part of ServerArgs.

Throws:

IOException

Method Details

resolveSecretsDir

public static Path resolveSecretsDir(Environment environment)

Resolve a secrets directory path given an environment

Parameters:

environment - Elasticsearch environment

Returns:

Secrets directory within an Elasticsearch environment

resolveSecretsFile

public static Path resolveSecretsFile(Environment environment)

Resolve a secure settings file path given an environment

Parameters:

environment - Elasticsearch environment

Returns:

Secure settings file within an Elasticsearch environment

writeTo

public void writeTo(StreamOutput out)
             throws IOException

Description copied from interface: Writeable

Write this into the StreamOutput.

Specified by:

writeTo in interface Writeable

Throws:

IOException

isLoaded

public boolean isLoaded()

Description copied from interface: SecureSettings

Returns true iff the settings are loaded and retrievable.

Specified by:

isLoaded in interface SecureSettings

getSettingNames

public Set<String> getSettingNames()

Description copied from interface: SecureSettings

Returns the names of all secure settings available.

Specified by:

getSettingNames in interface SecureSettings

getString

public SecureString getString(String setting)

Description copied from interface: SecureSettings

Return a string setting. The SecureString should be closed once it is used.

Specified by:

getString in interface SecureSettings

getFile

public InputStream getFile(String setting)
                    throws GeneralSecurityException

Description copied from interface: SecureSettings

Return a file setting. The InputStream should be closed once it is used.

Specified by:

getFile in interface SecureSettings

Throws:

GeneralSecurityException

getSHA256Digest

public byte[] getSHA256Digest(String setting)
                       throws GeneralSecurityException

Specified by:

getSHA256Digest in interface SecureSettings

Throws:

GeneralSecurityException

close

public void close()
           throws IOException

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable

Specified by:

close in interface SecureSettings

Throws:

IOException