ReadonlyREST Free for Kibana

ReadonlyREST Free plugin is proprietary software, but is released for anyone to use for an indefinite amount of time, free of charge.


  • Local and LDAP based authentication/authorization
  • Read-only/Read-write users in Kibana
  • Hiding kibana apps for certain users (ReadonlyREST PRO needed)
  • Kibana UI tweaking with custom CSS/JS (ReadonlyREST PRO needed)
  • Multi-tenancy (ReadonlyREST Enterprise needed)
  • SAML/OIDC SSO Authentication/Authorization (ReadonlyREST Eterprise needed)
  • Security settings YAML editor, no need to reboot the cluser  (ReadonlyREST PRO needed)
  • SLA Support (ReadonlyREST Enterprise needed)

Why us? Fewer decisions more security

ReadonlyREST Free plugin for Elasticsearch is the solution with the simplest, yet most powerful and scalable, security model in the industry.
It works just like a firewall, using a single feature-rich access control list (ACL). This plugin covers TLS encryption (HTTPS), customizable audit logging, and internal or external authentication and authorization.

Trusted every day in production by

Credit Safe Logo

Key Features (FREE)

An Enduring Experience

Delivering fast, simple access control since 2013

Years before Elastic Shield or X-Pack, ReadonlyREST provided a fast track to Elasticsearch security.

Started as a “scratch your own itch” side project, ReadonlyRest evolved into a full bootstrapped company in 2016. Since then, our products and our business have been growing at a steady pace.

Github ReasonlyREST

Battle tested

In production for many years

ReadonlyREST plugins manage access control in the data centers of scientific institutions, Fortune 500 companies, and two Big-4 Silicon Valley companies.

We perform extensive unit and end-to-end testing based on the Docker framework testcontainers.


Product Details (FREE)


ReadonlyREST Free for Elasticsearch contains the following functionalities:

  • HTTPS: Layer for Elasticsearch REST API
  • ACL: HTTP Level (method, path, body, etc.)
  • ACL: Network Level (IP ranges, hostnames)
  • ACL: Elasticsearch level (action, indices)
  • Authentication: HTTP Basic Auth
  • Authentication: External site HTTP Basic Auth
  • Authentication: JWT
  • Authentication: LDAP Authentication connector
  • Authorization: Internal user groups
  • Authorization: External JSON Microservice
  • Authorization: LDAP Authorization connector


Download the ReadonlyREST Free plugin for Elasticsearch from our self-service download form now. You will receive the installation instructions in your email. For further examples and instructions, refer to the ReadonlyREST collaborative documentation project.


Detailed documentation about configuring and using each feature can be found in the ReadonlyREST collaborative documentation project.


The ReadonlyREST Free plugin for Elasticsearch, like all our products, will receive bug fixes and new functionality over time.


We have an active community of users in our forum. If you need commercial support, consider the Enterprise or Embed options.


ReadonlyREST for Elasticsearch is released under the GPLv3 license. For an explanation of what this means, please see the documentation.

Questions, comments, or concerns?Contact us

Create A product first!

Create a product first please!