- Enterprise Search Guide: other versions:
- Getting started
- Prerequisites
- Ingestion
- Web crawler
- Connectors
- Native connectors
- Connector clients
- Elastic connector framework
- Workplace Search connectors
- Using connectors
- Known issues
- Troubleshooting
- Document level security
- Logs
- Security
- Content syncs
- Sync rules
- Content extraction
- Reference: Azure Blob Storage
- Reference: Confluence
- Reference: Dropbox
- Reference: GitHub
- Reference: Gmail
- Reference: Google Cloud Storage
- Reference: Google Drive
- Reference: Jira
- Reference: Microsoft SQL
- Reference: MongoDB
- Reference: MySQL
- Reference: Network drive
- Reference: OneDrive
- Reference: Oracle
- Reference: PostgreSQL
- Reference: S3
- Reference: Salesforce
- Reference: ServiceNow
- Reference: SharePoint Online
- Reference: SharePoint Server
- Reference: Slack
- Ingestion APIs
- Ingest pipelines
- Document enrichment with ML
- ELSER text expansion
- Indices, engines, content sources
- Programming language clients
- Behavioral analytics
- Search UI
- App Search and Workplace Search
- Search Applications
- Enterprise Search server
- Run using Docker images
- Run using downloads (packages)
- Enterprise Search server known issues
- Troubleshooting
- Troubleshooting setup
- Monitoring
- Read-only mode
- Management APIs
- Monitoring APIs
- Read-only mode API
- Storage API
- Configuration
- Configuring encryption keys
- Configuring a mail service
- Configuring SSL/TLS
- Upgrading and migrating
- Upgrading self-managed deployments
- Upgrading from Enterprise Search 7.x
- Upgrading from Enterprise Search 7.11 and earlier
- Migrating from App Search on Elastic Cloud
- Migrating from App Search on Swiftype.com
- Migrating from self-managed App Search
- Logs and logging
- Known issues
- Troubleshooting
- Help, support, and feedback
- Release notes
- 8.10.4 release notes
- 8.10.3 release notes
- 8.10.2 release notes
- 8.10.1 release notes
- 8.10.0 release notes
- 8.9.2 release notes
- 8.9.1 release notes
- 8.9.0 release notes
- 8.8.2 release notes
- 8.8.1 release notes
- 8.8.0 release notes
- 8.7.1 release notes
- 8.7.0 release notes
- 8.6.2 release notes
- 8.6.1 release notes
- 8.6.0 release notes
- 8.5.3 release notes
- 8.5.2 release notes
- 8.5.1 release notes
- 8.5.0 release notes
- 8.4.3 release notes
- 8.4.2 release notes
- 8.4.1 release notes
- 8.4.0 release notes
- 8.3.3 release notes
- 8.3.2 release notes
- 8.3.1 release notes
- 8.3.0 release notes
- 8.2.3 release notes
- 8.2.2 release notes
- 8.2.1 release notes
- 8.2.0 release notes
- 8.1.3 release notes
- 8.1.2 release notes
- 8.1.1 release notes
- 8.1.0 release notes
- 8.0.1 release notes
- 8.0.0 release notes
- 8.0.0-rc2 release notes
- 8.0.0-rc1 release notes
- 8.0.0-beta1 release notes
- 8.0.0-alpha2 release notes
- 8.0.0-alpha1 release notes
Connectors security
editConnectors security
editThis document describes security considerations for native connectors and connector clients. For Workplace Search connectors, see the Workplace Search documentation.
Elastic Cloud deployments have strong security defaults. For example, data is encrypted by default, whether at rest or in transit.
Self-managed deployments require more upfront work to ensure strong security. Refer to Secure the Elastic Stack in the Elasticsearch documentation for more information.
Access to credentials
editCredentials for the data source — such as API keys or username/password pair— are stored in your deployment’s .elastic-connectors
Elasticsearch index.
Therefore, the credentials are visible to all Elastic users with the read
indices privilege for that index.
By default, the following Elastic users have this privilege: the elastic
superuser and the kibana_system
user.
Enterprise Search service account tokens can also read the .elastic-connectors
index.
Access to documents
editData synced from your data source are stored as documents in the Elasticsearch index you created.
This data is visible to all Elastic users with the read
indices privilege for that index.
Be careful to ensure that access to this index is at least as restrictive as access to the original data source.
Encryption
editElastic Cloud automatically encrypts data at rest.
Data in transit is automatically encrypted using https
.
Self-managed deployments must implement encryption at rest. See Configure security for the Elastic Stack in the Elasticsearch documentation for more information.