OpenSearch

Choose an authentication method

OpenSearch deployments expose credentials in different formats. In Traversal, choose the option that matches the credential your OpenSearch administrator gives you.

Username and password
API key
API key with ID
Bearer token

In OpenSearch Dashboards, create or choose a read-only role that can query the indices Traversal should access, then create a user and assign that role.

Use this option only if your OpenSearch cluster already accepts Authorization: Bearer <token> headers, typically through JWT authentication.Ask your OpenSearch administrator or identity team to issue a token for a user or service principal that has read access to the target indices. The token must be signed by an issuer your cluster trusts, and its subject or role claims must map to permissions OpenSearch recognizes.Before saving the integration, test the token with a simple read request:

curl -H "Authorization: Bearer $TOKEN" https://opensearch.example.com:9200/_cluster/health

OpenSearch On-Behalf-Of tokens are short-lived, so they are usually not a good fit for a saved integration unless you rotate them automatically.

Get Started

Set up

Using Traversal

Setup

Security & Trust

What Traversal reads

Setup

More information

Get Started

Set up

Using Traversal

Setup

Security & Trust

​What Traversal reads

​Setup

​More information

What Traversal reads

Setup

More information