9
votes

we are building an opensource application which needs elasticsearch security feature. i am trying to find if the security feature is free for elastic search. elastic search website says Xpack is open now. Not sure if it is really opensource.

Could someone please share your experience?

3
elasticsearch has one of the most confusing license agreements (not clear easily what is free, what is Open, what is open but not free and on top of it some settings are "default", but not free...)senseiwu

3 Answers

23
votes

This blog post explained some of the reasons why Elastic "opened" their XPack code. "Open" here simply means that they merged their private XPack repositories into the open ones. One of the reasons that the blog post above doesn't mention is that this move was mostly motivated to facilitate tedious engineering tasks of having to keep all their product versions in synch. Anyway, the XPack code is now out in the open and visible for anyone to see, but it's not free as in "free beer".

As shown on the Elastic subscriptions page (see the red rectangle in the image below), XPack Security is only available starting with a Gold license.

Elastic Subscriptions

Another alternative is to use their Elastic Cloud which provides Security out of the box and allows you to pay a lower amount on a monthly basis.

If the price burden is too heavy for you, you might want to check out SearchGuard which is an alternative Security plugin for ES, which provides a free Community tier for basic security features.

enter image description here

UPDATE (March 11th, 2019):

Since today, Amazon has released a fully open-sourced version of Elasticsearch with a Security (and Alerting) plugin. More info at: https://opendistro.github.io/for-elasticsearch/

UPDATE (May 20th, 2019):

Since version 6.8.0 and 7.1.0, some features of XPack Security are now included into the BASIC license, and are thus free.

UPDATE (Sep 4th, 2019):

Elastic has filed a lawsuit against SearchGuard for IP infringements: https://www.elastic.co/blog/dear-search-guard-users

Details of the lawsuit: https://www.pacermonitor.com/public/case/29887799/Elasticsearch,_Inc_et_al_v_Floragunn_GmBH

This impacts both SearchGuard users AND OpenDistro users since the latter repackage the SearchGuard plugin.

1
votes

I run a widely used OSS project that implements a ton of enterprise grade Elasticsearch security features (included the ones in SearchGuard you'd need to pay for).

github.com/sscarduzio/elasticsearch-readonlyrest-plugin

We also have a forum: forum.readonlyrest.com

I hope this helps.

0
votes

In short, no.

According to We’re Opening X-Pack | Elastic, features that were not free remain paid.

If the code of X-Pack is open, does that mean it's all free?

No. Many features in X-Pack are free, such as monitoring, tile maps, Grok Debugger, and Search Profiler. Some features in X-Pack are paid, and require a license that comes with a Gold or Platinum subscription.