Hibernate Elasticsearch - set connection/username/password programmaticly

Is there any way to set the Hibernate ElasticSearch connection, username and password programmaticly?

We are able to get the ES version running by setting these in the hibernate.properties file, but this involves them being stored in plaintext. We need to be able to connect to and retrieve the passwords via a vault.

Is there any way we can currently achieve this?

In Hibernate Search itself, no. You can pass configuration the usual way through your framework’s application.properties, or through system properties (-Dhibernate.search.foo=bar passed to the JVM).

Fortunately, most frameworks allow you to define configuration properties programmatically, and from there you can set the Hibernate Search configuration programmatically.

In Quarkus there seems to be a way to configure a custom configuration source; this may be what you need?
I’m sure there are similar solutions for Spring (some are discussed here).

Thanks, will look into it :smiley:

To anyone finding this in the future, tried a few different things (including setting it by creating a new properties object, and calling application.setDefault properties before running it in spring), but easiest solution I found was to simply call System.setProperty before calling SpringApplication.run(…). Not the cleanest of solutions, but one that works at least!

I have set it via the system properties, is there anyway to force hibernate to reload the properties (specifically the password), without restarting the application. I am testing it by changing the hostname (set via system properties), but hibernate still uses the old name.

No, the properties are set on bootstrap and cannot be changed afterwards.

The best you can do is to take advantage of node discovery, but that still requires some hosts of the cluster to stay up until new nodes are discovered.

Sorry for bad explanation, the host is staying up but our passwords are only valid for x days, so I was hoping to be able to change them in hibernate without restarting the application. No worries though, and thanks for the help!

I suppose you could achieve what you want (a changing password) by implementing org.hibernate.search.backend.elasticsearch.client.spi.ElasticsearchHttpClientConfigurer to configure the underlying Apache HTTP Client, and registering it.

You can find an example of an HTTP client configurer in the module hibernate-search-backend-elasticsearch-aws:

This all relies on SPI, though, so there’s little documentation and there might be breaking changes in future minor versions of Hibernate Search. Use at your own risk :slight_smile:

Seems like the org.hibernate.search.engine.environment.bean.spi.BeanConfigurer class was added in 6, is this still possible to do in 5.10?

Yes it is possible in 5.10:

  • Implement org.hibernate.search.elasticsearch.client.spi.ElasticsearchHttpClientConfigurer
  • Register your implementation by creating a resource file named META-INF/services/org.hibernate.search.elasticsearch.client.spi.ElasticsearchHttpClientConfigurer containing a single line: the fully qualified class name of your implementation.

Was just able to get it working, thanks so much for the help, really appreciate it!! Out of interest if we go to save an object through our repo, which would usually save it to the index, but the credentials are invalid what is the expected behavior, does it rollback the save to the repo, or would the DB and index become out of sync?

Indexing happens after the database transaction is committed, so if indexing fails, the DB and index will become out of sync. But you’ll get an exception on commit with a list of entities that couldn’t be reindexed.

You can find an FAQ about automatic indexing here; please let me know if anything is missing!

Thank you so much for all your help on this! Really appreciate it :smiley:

1 Like