learn/configuration/instance_options.md (6 additions & 8 deletions)
@@ -166,12 +166,12 @@ Configures the instance's environment. Value must be either `production` or `dev
166
166
167
167
`production`:
168
168
169
-
- Setting a [master key](/learn/security/master_api_keys.md) is **mandatory**
169
+
- Setting a [master key](/learn/security/master_api_keys.md)of at least 16 bytes is **mandatory**. If no master key is provided or if it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key
170
170
- The [search preview interface](/learn/what_is_meilisearch/search_preview.md) is disabled
171
171
172
172
`development`:
173
173
174
-
- Setting a [master key](/learn/security/master_api_keys.md) is **optional**
174
+
- Setting a [master key](/learn/security/master_api_keys.md) is **optional**. If no master key is provided or if it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key
175
175
- Search preview is enabled
176
176
177
177
::: tip
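Review bot: the added `production` bullet is missing a space between the link and the following word (`master_api_keys.md)of at least 16 bytes`), so the rendered text will read "master keyof at least 16 bytes". Add the space. The same bullet says Meilisearch "will suggest" a key but not that a production instance refuses to start when the key is missing or too short; stating that here would keep it consistent with the `--master-key` section later in this file.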
@@ -192,18 +192,16 @@ Sets the HTTP address and port Meilisearch will use.
192
192
**Environment variable**: `MEILI_MASTER_KEY`
193
193
**CLI option**: `--master-key`
194
194
**Default value**: `None`
195
-
**Expected value**: an alphanumeric string
195
+
**Expected value**: a UTF-8 string of at least 16 bytes
196
196
197
197
Sets the instance's master key, automatically protecting all routes except [`GET /health`](/reference/api/health.md). This means you will need an API key to access endpoints such as `POST /search` and `GET /documents`. [You can read more about security keys in Meilisearch in our dedicated guide.](/learn/security/master_api_keys.md)
198
198
199
-
::: note
200
-
You must supply an alphanumeric string when using this option.
201
-
:::
202
-
203
-
Providing a master key is mandatory when `--env` is set to `production`. If none is given, Meilisearch will throw an error and refuse to launch.
199
+
Providing a master key is mandatory when `--env` is set to `production`. If none is given, or it is under 16 bytes, Meilisearch will throw an error and refuse to launch.
204
200
205
201
If no master key is provided in a `development` environment, all routes will be unprotected and publicly accessible.
206
202
203
+
If you do not supply a master key in `production` or `development` environments or it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key you can use when restarting your instance.
204
+
207
205
[Learn more about Meilisearch's use of security keys.](/learn/security/master_api_keys.md)
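Review bot: the `development` case for a key shorter than 16 bytes is left undefined in the `--master-key` section. The unchanged sentence "If no master key is provided in a `development` environment, all routes will be unprotected and publicly accessible" covers only a missing key, and the added paragraph says only that a key will be suggested. State explicitly whether a short key is accepted and enforced in `development` or ignored, because a reader who supplied one may assume the routes are protected. A short remark that the 16-byte minimum counts bytes rather than characters would also help, since the expected value is now "a UTF-8 string".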
learn/cookbooks/running_production.md (1 addition & 1 deletion)
@@ -119,7 +119,7 @@ In Debian and other Linux distributions, `systemd` allows you to create and mana
119
119
120
120
Service files are text files that tell your operating system how to run your program, and when. They live in the `/etc/systemd/system` directory, and your system will load them at boot time. In this case, let's use a very simple service file that will run Meilisearch on port `7700`.
121
121
122
-
To run Meilisearch in a production environment, use the `--env` flag. Set the master key using the `--master-key` option. When you launch an instance for the first time, Meilisearch creates two default API keys: [`Default Search API Key` and `Default Admin API Key`](/learn/security/master_api_keys.md#using-default-api-keys-for-authorization). With the `Default Admin API Key`, you can control who can access or create new documents, indexes, or change the configuration.
122
+
To run Meilisearch in a production environment, use the `--env` flag. Set a master key of at least 16 bytes using the `--master-key` option. When you launch an instance for the first time, Meilisearch creates two default API keys: [`Default Search API Key` and `Default Admin API Key`](/learn/security/master_api_keys.md#using-default-api-keys-for-authorization). With the `Default Admin API Key`, you can control who can access or create new documents, indexes, or change the configuration.
123
123
124
124
Remember to choose a safe and random key and avoid exposing it in publicly accessible applications. You can change the master key with the following command:
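Review bot: "Set a master key of at least 16 bytes" reads as a recommendation in this production guide, while the instance options page in the same change states that Meilisearch will "throw an error and refuse to launch" in `production` when the key is under 16 bytes. Say that here, or link to the `--master-key` option, so a service file carrying a short key does not fail at start-up without explanation.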
learn/getting_started/quick_start.md (1 addition & 1 deletion)
@@ -312,7 +312,7 @@ You should now have a working front-end search interface 🚀🔥
312
312
313
313
## Securing Meilisearch
314
314
315
-
The Meilisearch API is unprotected by default, making all routes publicly accessible. You can set a master key to protect your instance from unauthorized use:
315
+
The Meilisearch API is unprotected by default, making all routes publicly accessible. You can set a master key of at least 16 bytes to protect your instance from unauthorized use:
learn/security/master_api_keys.md (2 additions & 2 deletions)
@@ -4,9 +4,9 @@ This guide will teach you how to protect your Meilisearch instance by setting a
4
4
5
5
## Protecting a Meilisearch instance
6
6
7
-
**By default, Meilisearch's API is unprotected**. This means all routes are publicly accessible, and require no authorization to access.
7
+
**By default, Meilisearch's API is unprotected**. This means all routes are publicly accessible and require no authorization to access.
8
8
9
-
To protect a Meilisearch instance from unauthorized use, you must supply a master key at launch. This master key can be of any length, but must be composed of valid UTF-8 characters.
9
+
To protect a Meilisearch instance from unauthorized use, you must supply a master key at launch. This master key must be at least 16 bytes, composed of valid UTF-8 characters. In a production environment, Meilisearch will throw an error and refuse to launch if no master key is provided or if it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key.
10
10
11
11
::: warning
12
12
You need to set a master key to access the [`/keys`](/reference/api/keys.md) route. Otherwise, you will get a [`missing_master_key`](/reference/errors/error_codes.md#missing-master-key) error.
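Review bot: the last added sentence of the "must supply a master key at launch" paragraph is a run-on: "...if no master key is provided or if it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key." It is unclear whether the condition belongs to the refusal to launch, to the suggestion, or to both. Split it into two sentences, one for the `production` refusal and one for the suggested key, and say what happens in `development` when the key is missing or too short, since this guide is where readers learn whether their instance is protected.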
reference/api/overview.md (1 addition & 1 deletion)
@@ -21,7 +21,7 @@ This API documentation uses the following conventions:
21
21
22
22
## Authorization
23
23
24
-
By [providing Meilisearch with a master key at launch](/learn/security/master_api_keys.md#protecting-a-meilisearch-instance), you protect your instance from unauthorized requests. From then on, you must include the `Authorization` header along with a valid API key to access protected routes (all routes except [`/health`](/reference/api/health.md).
24
+
By [providing Meilisearch with a master key at launch](/learn/security/master_api_keys.md#protecting-a-meilisearch-instance), you protect your instance from unauthorized requests. The provided master key must be at least 16 bytes. From then on, you must include the `Authorization` header along with a valid API key to access protected routes (all routes except [`/health`](/reference/api/health.md).
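Review bot: the parenthetical at the end of the changed paragraph is never closed: "(all routes except [`/health`](/reference/api/health.md)." ends with the link's own parenthesis only. The defect predates this change, but the line is being rewritten, so add the missing `)` before the period. The new sentence "The provided master key must be at least 16 bytes" could also link to the `--master-key` option for the behaviour when the key is shorter.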