Security configuration
The plugin includes demo certificates so that you can get up and running quickly. To use OpenSearch in a production environment, you must configure it manually:
- Replace the demo certificates.
- Reconfigure
opensearch.yml
to use your certificates. - Reconfigure
config.yml
to use your authentication backend (if you don’t plan to use the internal user database). - Modify the configuration YAML files.
- If you plan to use the internal user database, set a password policy in
opensearch.yml
. - Apply changes using the
securityadmin
script. - Start OpenSearch.
- Add users, roles, role mappings, and tenants.
If you don’t want to use the plugin, see Disable security.
The Security plugin has several default users, roles, action groups, permissions, and settings for OpenSearch Dashboards that use kibana in their names. We will change these names in a future release.
For a full list of opensearch.yml
Security plugin settings, Security plugin settings, see Security settings.