Press release

Security for Elasticsearch is Now Free

Sponsored by Businesswire

KubeCon and CloudNativeCon — Elastic N.V. (NYSE: ESTC), the
company behind Elasticsearch and the Elastic Stack announced that the
core security features of the Elastic Stack are now free. This means
that users can now encrypt network traffic, create and manage users,
define roles that protect index and cluster level access, and fully
secure Kibana with Spaces. This is an exciting next step for our
community. We opened
the code
of these features (and many more) last year and by making
them free today, everyone can now run a fully secure cluster,

Security is free, starting in versions 6.8.0 and 7.1.0

For a change this important, we wanted to make sure that it was
available to as many people as possible, so today we are releasing
versions 6.8.0 and 7.1.0 of the Elastic Stack. These versions do not
contain new features; they simply make the following core security
features free in the default distribution of the Elastic Stack:

  • TLS for encrypted communications
  • File and native realm for creating and managing users
  • Role-based access control for controlling user access to cluster APIs
    and indexes; also allows multi-tenancy for Kibana with security for
    Kibana Spaces

Previously, these core security features required a paid Gold
subscription. Now they are free as a part of the Basic tier. Note that
our advanced security features — from single sign-on and Active
Directory/LDAP authentication to field- and document-level security —
remain paid features. See
the full feature matrix for details

As always, these releases are available immediately on Elasticsearch
Service on Elastic Cloud
, the official hosted Elasticsearch.

But wait, there’s more … heya Kubernetes

We are announcing this change in conjunction with the announcement and
alpha release of Elastic Cloud on Kubernetes (ECK), the official
Kubernetes Operator for Elasticsearch and Kibana. ECK is designed to
automate and simplify how Elasticsearch is deployed and operated in

Security is an integral part of cluster operations, especially in shared
and multi-tenant environments like Kubernetes. By moving the core
security features into the default distribution of Elastic Stack, we can
ensure that all clusters launched and managed by ECK are secured by
default at creation time, without any additional burden on the admins.
This experience also lines up well with the secure-by-default experience
that users have always had on our Elasticsearch Service on Elastic Cloud.

Upgrade and get started

To get started, download
and install the latest version of the Elastic Stack
, or upgrade
clusters to either 6.8 or 7.1.

To simplify the getting started journey, we have some great material:

Or, accelerate learning and go deeper into Elasticsearch Security with
this new on-demand Fundamentals
of Securing Elasticsearch
course, which is available for free for a
limited time (regularly $200).

Learn More

About Elastic

Elastic is a search company. As the creators of the Elastic Stack
(Elasticsearch, Kibana, Beats, and Logstash), Elastic builds
self-managed and SaaS offerings that make data usable in real time and
at scale for use cases like application search, site search, enterprise
search, logging, APM, metrics, security, business analytics, and many

Elastic and associated marks are trademarks or registered
trademarks of Elastic N.V. and its subsidiaries. All other company and
product names may be trademarks of their respective owners.