elasticsearch-setup-passwords
The elasticsearch-setup-passwords
command sets the passwords for the built-in users.
Synopsis
bin/elasticsearch-setup-passwords auto|interactive
[-b, --batch] [-h, --help] [-E <KeyValuePair>]
[-s, --silent] [-u, --url "<URL>"] [-v, --verbose]
Description
This command is intended for use only during the initial configuration of the Elasticsearch security features. It uses the elastic
bootstrap password to run user management API requests. If your Elasticsearch keystore is password protected, before you can set the passwords for the built-in users, you must enter the keystore password. After you set a password for the elastic
user, the bootstrap password is no longer active and you cannot use this command. Instead, you can change passwords by using the Management > Users UI in Kibana or the Change Password API.
This command uses an HTTP connection to connect to the cluster and run the user management requests. If your cluster uses TLS/SSL on the HTTP layer, the command automatically attempts to establish the connection by using the HTTPS protocol. It configures the connection by using the xpack.security.http.ssl
settings in the elasticsearch.yml
file. If you do not use the default config directory location, ensure that the ES_PATH_CONF environment variable returns the correct path before you run the elasticsearch-setup-passwords
command. You can override settings in your elasticsearch.yml
file by using the -E
command option. For more information about debugging connection failures, see Setup-passwords command fails due to connection failure.
Parameters
auto
Outputs randomly-generated passwords to the console.
-b, --batch
If enabled, runs the change password process without prompting the user.
-E <KeyValuePair>
Configures a standard Elasticsearch or X-Pack setting.
-h, --help
Shows help information.
interactive
Prompts you to manually enter passwords.
-s, --silent
Shows minimal output.
-u, --url "<URL>"
Specifies the URL that the tool uses to submit the user management API requests. The default value is determined from the settings in your elasticsearch.yml
file. If xpack.security.http.ssl.enabled
is set to true
, you must specify an HTTPS URL.
-v, --verbose
Shows verbose output.
Examples
The following example uses the -u
parameter to tell the tool where to submit its user management API requests:
bin/elasticsearch-setup-passwords auto -u "http://localhost:9201"