Module org.elasticsearch.server
Class LocallyMountedSecrets
java.lang.Object
org.elasticsearch.common.settings.LocallyMountedSecrets
- All Implemented Interfaces:
Closeable
,AutoCloseable
,Writeable
,SecureSettings
An implementation of
SecureSettings
which loads the secrets from
externally mounted local directory. It looks for the folder called 'secrets'
under the config directory. All secure settings should be supplied in a single
file called 'secrets.json' which sits inside the 'secrets' directory.
If the 'secrets' directory or the 'secrets.json' file don't exist, the SecureSettings implementation is loaded with empty settings map.
Example secrets.json format: { "metadata": { "version": "1", "compatibility": "8.7.0" }, "secrets": { "secure.setting.key.one": "aaa", "secure.setting.key.two": "bbb" } }
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.common.io.stream.Writeable
Writeable.Reader<V>, Writeable.Writer<V>
-
Field Summary
Modifier and TypeFieldDescriptionstatic final ParseField
static final String
static final ParseField
static final String
-
Constructor Summary
ConstructorDescriptionUsed byServerArgs
to deserialize the secrets when they are received by the Elasticsearch process.LocallyMountedSecrets
(Environment environment) Direct constructor to be used by the CLI -
Method Summary
Modifier and TypeMethodDescriptionvoid
close()
Return a file setting.Returns the names of all secure settings available.byte[]
getSHA256Digest
(String setting) Return a string setting.boolean
isLoaded()
Returns true iff the settings are loaded and retrievable.static Path
resolveSecretsDir
(Environment environment) Resolve a secrets directory path given an environmentstatic Path
resolveSecretsFile
(Environment environment) Resolve a secure settings file path given an environmentvoid
writeTo
(StreamOutput out) Write this into the StreamOutput.
-
Field Details
-
SECRETS_FILE_NAME
- See Also:
-
SECRETS_DIRECTORY
- See Also:
-
SECRETS_FIELD
-
METADATA_FIELD
-
-
Constructor Details
-
LocallyMountedSecrets
Direct constructor to be used by the CLI -
LocallyMountedSecrets
Used byServerArgs
to deserialize the secrets when they are received by the Elasticsearch process. The ServerCli code serializes the secrets as part of ServerArgs.- Throws:
IOException
-
-
Method Details
-
resolveSecretsDir
Resolve a secrets directory path given an environment- Parameters:
environment
- Elasticsearch environment- Returns:
- Secrets directory within an Elasticsearch environment
-
resolveSecretsFile
Resolve a secure settings file path given an environment- Parameters:
environment
- Elasticsearch environment- Returns:
- Secure settings file within an Elasticsearch environment
-
writeTo
Description copied from interface:Writeable
Write this into the StreamOutput.- Specified by:
writeTo
in interfaceWriteable
- Throws:
IOException
-
isLoaded
public boolean isLoaded()Description copied from interface:SecureSettings
Returns true iff the settings are loaded and retrievable.- Specified by:
isLoaded
in interfaceSecureSettings
-
getSettingNames
Description copied from interface:SecureSettings
Returns the names of all secure settings available.- Specified by:
getSettingNames
in interfaceSecureSettings
-
getString
Description copied from interface:SecureSettings
Return a string setting. TheSecureString
should be closed once it is used.- Specified by:
getString
in interfaceSecureSettings
-
getFile
Description copied from interface:SecureSettings
Return a file setting. TheInputStream
should be closed once it is used.- Specified by:
getFile
in interfaceSecureSettings
- Throws:
GeneralSecurityException
-
getSHA256Digest
- Specified by:
getSHA256Digest
in interfaceSecureSettings
- Throws:
GeneralSecurityException
-
close
- Specified by:
close
in interfaceAutoCloseable
- Specified by:
close
in interfaceCloseable
- Specified by:
close
in interfaceSecureSettings
- Throws:
IOException
-