is Security free in Elastic search Stack Features?

Sathish picture Sathish · Nov 8, 2018 · Viewed 7k times · Source

we are building an opensource application which needs elasticsearch security feature. i am trying to find if the security feature is free for elastic search. elastic search website says Xpack is open now. Not sure if it is really opensource.

Could someone please share your experience?

Answer

Val picture Val · Nov 8, 2018

This blog post explained some of the reasons why Elastic "opened" their XPack code. "Open" here simply means that they merged their private XPack repositories into the open ones. One of the reasons that the blog post above doesn't mention is that this move was mostly motivated to facilitate tedious engineering tasks of having to keep all their product versions in synch. Anyway, the XPack code is now out in the open and visible for anyone to see, but it's not free as in "free beer".

As shown on the Elastic subscriptions page (see the red rectangle in the image below), XPack Security is only available starting with a Gold license.

Elastic Subscriptions

Another alternative is to use their Elastic Cloud which provides Security out of the box and allows you to pay a lower amount on a monthly basis.

If the price burden is too heavy for you, you might want to check out SearchGuard which is an alternative Security plugin for ES, which provides a free Community tier for basic security features.

enter image description here

UPDATE (March 11th, 2019):

Since today, Amazon has released a fully open-sourced version of Elasticsearch with a Security (and Alerting) plugin. More info at: https://opendistro.github.io/for-elasticsearch/

UPDATE (May 20th, 2019):

Since version 6.8.0 and 7.1.0, some features of XPack Security are now included into the BASIC license, and are thus free.

UPDATE (Sep 4th, 2019):

Elastic has filed a lawsuit against SearchGuard for IP infringements: https://www.elastic.co/blog/dear-search-guard-users

Details of the lawsuit: https://www.pacermonitor.com/public/case/29887799/Elasticsearch,_Inc_et_al_v_Floragunn_GmBH

This impacts both SearchGuard users AND OpenDistro users since the latter repackage the SearchGuard plugin.