
Why security protects sensitive data in Elasticsearch - See It in Action

📖 Scenario: You work for a company that stores customer information in Elasticsearch. Some data is sensitive, like passwords and credit card numbers. You want to protect this sensitive data from unauthorized access.
🎯 Goal: Build a simple Elasticsearch setup that shows how to secure sensitive data by enabling security features and restricting access.
📋 What You'll Learn
Create an Elasticsearch index with sample customer data including sensitive fields
Add a configuration variable to enable security features
Apply a role-based access control rule to restrict access to sensitive fields
Output the result of a query showing only allowed fields
💡 Why This Matters
🌍 Real World
Companies store sensitive customer data in Elasticsearch and must protect it from unauthorized access to comply with privacy laws and maintain trust.
💼 Career
Understanding Elasticsearch security is important for roles like DevOps engineers, backend developers, and security specialists who manage data storage and access.
1. Create an Elasticsearch index with sample customer data
Create an index called customers with these exact documents: {"name": "Alice", "email": "alice@example.com", "password": "alice123"} and {"name": "Bob", "email": "bob@example.com", "password": "bob123"}.
Hint: Use the PUT method to add documents to the customers index with the exact fields and values.

2. Enable security features in Elasticsearch configuration
Add a configuration setting called xpack.security.enabled and set it to true to enable security features.
Hint: Use the PUT /_cluster/settings API to set xpack.security.enabled to true.

3. Create a role to restrict access to sensitive fields
Create a role called read_customers that allows reading the customers index but excludes the password field from search results.
Hint: Use the POST /_security/role/read_customers API to create a role that grants read access to name and email fields only.

4. Query the customers index showing only allowed fields
Write a search query on the customers index that returns documents but excludes the password field from the results.
Hint: Use the _source parameter in the search query to include only name and email fields.
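
The four steps above written out as Kibana Dev Tools console requests. This is an added example, not code from the original lesson. The document IDs, the report_reader user and its password placeholder are assumptions; the last request is there to show that the role from step 3, not the _source filter from step 4, is what actually enforces the restriction.

```console
# Step 1: index the two sample documents (IDs 1 and 2 are assumed).
PUT /customers/_doc/1
{ "name": "Alice", "email": "alice@example.com", "password": "alice123" }

PUT /customers/_doc/2
{ "name": "Bob", "email": "bob@example.com", "password": "bob123" }

# Step 2: on a self-managed cluster xpack.security.enabled is a static node
# setting. It is read from elasticsearch.yml on each node at startup
# (xpack.security.enabled: true), so changing it needs a node restart.

# Step 3: role with field-level security. Users holding only this role can
# read just the granted fields, whatever their query asks for.
# (Field-level security is a subscription feature; a trial license enables it.)
POST /_security/role/read_customers
{
  "indices": [
    {
      "names": ["customers"],
      "privileges": ["read"],
      "field_security": { "grant": ["name", "email"] }
    }
  ]
}

# Assumed test user holding only that role (name and password are placeholders).
POST /_security/user/report_reader
{
  "password": "<choose-a-strong-password>",
  "roles": ["read_customers"]
}

# Step 4: source filtering. It trims the response, but the caller chooses it,
# so it is a convenience for the client and not an access control.
GET /customers/_search
{
  "_source": ["name", "email"],
  "query": { "match_all": {} }
}

# Check the control: send this as report_reader, with no _source filter.
# The role limits what that user can see to name and email.
GET /customers/_search
{
  "query": { "match_all": {} }
}
```

Running the last request once as a superuser and once as report_reader makes the difference visible: only the role changes what the server is willing to return.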