A solid, open source Elasticsearch security solution.

"Our largest shared cluster [...] consolidates about 17 different use cases on the same hardware, lowering the total cost."

— Ulrich Schwickerath
Physicist, IT department, CERN

An Enduring Experience

Since 2013 delivering fast, simple access control.

Years before Elastic Shield or X-Pack, ReadonlyREST provided a fast lane to Elasticsearch security.

Started as a "scratch your own itch" side project, evolved into a full bootstrapped company in 2016, the products and the business are growing at a steady and fast pace since then.

Battle tested

In production, since years

ReadonlyREST plugins manage access control in very large clusters, in the data centers of scientific institutions, Fortune 500, and two Big-4 silicon valley companies.

We have extensive unit and end-to-end testing based on the excellent docker framework testcontainers.

Product Details (Free)


ReadonlyREST Free for Elasticsearch contains the following functionalities:

  • HTTPS: layer for Elasticsearch REST API
  • ACL: HTTP Level (method, path, body, etc.)
  • ACL: Network Level(IP ranges, hostnames)
  • ACL: Elasticsearch level (action, indices)
  • Authentication: HTTP Basic Auth
  • Authentication: external site HTTP Basic Auth
  • Authentication: JWT
  • Authentication: LDAP Authentication connector
  • Authorization: Internal user groups
  • Authorization: external JSON Microservice
  • Authorization: LDAP Authorization connector


Detailed documentation about configuring and using each feature can be found in the ReadonlyREST collaborative documentation project.


We have an active community of users in our forum. If you need commercial support, go for the Enterprise or Embed offers.


Download now ReadonlyREST Free plugin for Elasticsearch from our self service download form. You will receive the installation instructions in your email. For further examples and instructions, refer to the ReadonlyREST collaborative documentation project.


ReadonlyREST Free plugin for Elasticsearch, like all our products, will receive bug fixes and new functionality over time.


ReadonlyREST for Elasticsearch is released under the GPLv3 license. For an easy explanation of what this means, see the documentation

Trusted every day in production by