Set passwords for native and built-in users in self-managed clusters
Self Managed
After you implement security, you might need or want to change passwords for different users. If you want to reset a password for a built-in user such as the elastic or kibana_system users, or a user in the native realm, you can use the following tools:
- The Manage users UI in Kibana
- The
elasticsearch-reset-passwordtool - The change passwords API
This topic describes resetting passwords after the initial bootstrap password is reset. To learn about the users that are used to communicate between Elastic Stack components, and about managing bootstrap passwords for built-in users, refer to Built-in users in self-managed clusters.
Elastic enables you to easily manage users in Kibana on the Stack Management > Security > Users page. From this page, you can create users, edit users, assign roles to users, and change user passwords. You can also deactivate or delete existing users.
For example, the following command changes the password for a user with the username user1 to an auto-generated value, and prints the new password to the terminal:
bin/elasticsearch-reset-password -u user1
To explicitly set a password for a user, include the -i parameter with the intended password.
bin/elasticsearch-reset-password -u user1 -i <password>
If you’re working in Kibana or don’t have command-line access, you can use the change passwords API to change a user’s password:
POST /_security/user/user1/_password {
"password" : "new-test-password"
}
You can manage users through the Elasticsearch user API.
For example, you can change a user's password:
POST /_security/user/user1/_password {
"password" : "new-test-password"
}
For more information and examples, see Users.