2

We initialize the RestHighLevelClient with username-password only at our api startup (spring-boot app)

There is a small chance that the password can be changed/resetted externally (maybe by mistake of a human) later while our api is still running.

My question is, does the Elastic connection still stays active after initialization even the password changes later? Maybe it's only checked one time? And if not, what is an elegant way to update this password at runtime (via Elastic API), without needing to destroy and re-initiliaze all our beans with new password?

Note: I also see that RestHighLevelClient is deprecated, We can also make it a priority to migrate to the newer version if there is a solution for this

Improve this question

1 Answer 1

Reset to default
3
+50

The RestClient or any other client communicating over HTTP will authenticate each calls via the Basic authentication header. No authentication state is kept between calls, which means that if the password changes while your application is running, you'll need some way to update the password in your application code (probably via restarting the application).

That someone else could change the password sounds weird, though. I would strongly suggest to use another authentication mechanism (tokens or API keys) that are proper to your application. You'd be way better off.

Improve this answer
0

Not the answer you're looking for? Browse other questions tagged or ask your own question.