Securing API Gateway Data Store

searchguard.ssl.transport.keystore_type: JKS
searchguard.ssl.transport.keystore_filepath: ../sagconfig/node-0-keystore.jks
searchguard.ssl.transport.keystore_alias: cn=node-0
searchguard.ssl.transport.keystore_password: a362fbcce236eb098973
searchguard.ssl.transport.truststore_type: JKS
searchguard.ssl.transport.truststore_filepath: ../sagconfig/truststore.jks
searchguard.ssl.transport.truststore_alias: root-ca-chain
searchguard.ssl.transport.truststore_password: 2c0820e69e7dd5356576
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enable_openssl_if_available: true

searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_type: JKS
searchguard.ssl.http.keystore_filepath: ../sagconfig/node-0-keystore.jks
searchguard.ssl.http.keystore_alias: cn=node-0
searchguard.ssl.http.keystore_password: a362fbcce236eb098973
searchguard.ssl.http.truststore_type: JKS
searchguard.ssl.http.truststore_filepath: ../sagconfig/truststore.jks
searchguard.ssl.http.truststore_alias: root-ca-chain
searchguard.ssl.http.truststore_password: 2c0820e69e7dd5356576
searchguard.ssl.http.clientauth_mode: OPTIONAL

searchguard.authcz.admin_dn:
- "CN=sgadmin"

sgadmin.sh -cd ../../../sagconfig/ -ks
../../../sagconfig/sgadmin-keystore.jks -kspass 49fc2492ebbcfa7cfc5e -ts
../../../sagconfig/truststore.jks -tspass 2c0820e69e7dd5356576 -nhnv -p 9340
-cn SAG_InternalDataStore

sagcc exec templates composite import -i properties.yaml

sagcc exec templates composite apply sag-apigw-datastore-properties nodes=local

alias: sag-apigw-datastore-properties
description: API Gateway Data Store Properties

layers:
runtime:
templates:
- apigw-datastore-properties

templates:
apigw-datastore-properties:
products:
CEL:
default:
configuration:
CEL:
CUSTOM-PROPERTIES:
CUSTOM-PROPERTIES-default: |
---
searchguard.ssl.transport.enforce_hostname_verification: false
path.logs: "C:\\sag\\cc\\InternalDataStore/newlogs"
path.repo:
- "C:\\sag\\cc\\InternalDataStore/archives"
searchguard.ssl.http.clientauth_mode: "OPTIONAL"
searchguard.check_snapshot_restore_write_privileges: true
cluster.initial_master_nodes:
- "nodename"
searchguard.ssl.transport.resolve_hostname: false
searchguard.restapi.roles_enabled:
- "SGS_ALL_ACCESS"
searchguard.enable_snapshot_restore_privilege: true
searchguard.ssl.transport.enable_openssl_if_available: true
searchguard.authcz.admin_dn:
- "CN=sgadmin"

provision:
default:
runtime: ${nodes}