Authenticate User Access
This guide explains how to manage user authentication in Milvus, including enabling authentication, connecting as a user, and modifying user credentials.
-
TLS and user authentication are two distinct security approaches. If you have enabled both user authentication and TLS in your Milvus system, you must provide a username, password, and certificate file paths. For information on how to enable TLS, refer to Encryption in Transit.
-
The code snippets on this page use new MilvusClient (Python) to interact with Milvus. New MilvusClient SDKs for other languages will be released in future updates.
Enable user authentication
Set common.security.authorizationEnabled
in milvus.yaml
as true
when configuring Milvus to enable authentication.
As of Milvus Helm Chart 4.0.0, you can enable user authentication by modifying values.yaml
as follows:
extraConfigFiles:
user.yaml: |+
common:
security:
authorizationEnabled: true
Connect to Milvus with authentication
After enabling authentication, you need to connect to Milvus using a username and password. By default, the root
user is created with the password Milvus
when Milvus is initiated. Here is an example of how to connect to Milvus with authentication enabled using the default root
user:
# use default `root` user to connect to Milvus
from pymilvus import MilvusClient
client = MilvusClient(
uri='http://localhost:19530', # replace with your own Milvus server address
token="root:Milvus"
)
Create a new user
Once connected as the default root
user, you can create and authenticate a new user as follows:
# create a user
client.create_user(
user_name="user_1",
password="P@ssw0rd",
)
# verify the user has been created
client.describe_user("user_1")
# output
# {'user_name': 'user_1', 'roles': ()}
For more information on creating users, refer to create_user().
Connect to Milvus with a new user
Connect using the credentials of the newly created user:
# connect to milvus with the newly created user
client = MilvusClient(
uri="http://localhost:19530",
token="user_1:P@ssw0rd"
)
Update user password
Change the password for an existing user with the following code:
# update password
client.update_password(
user_name="user_1",
old_password="P@ssw0rd",
new_password="P@ssw0rd123"
)
For more information on updating user passwords, refer to update_password().
If you forget your old password, Milvus provides a configuration item that allows you to designate certain users as super users. This eliminates the need for the old password when you reset the password.
By default, the common.security.superUsers
field in the Milvus configuration file is empty, meaning that all users must provide the old password when resetting their password. However, you can designate specific users as super users who do not need to provide the old password. In the snippet below, root
and foo
are designated as super users.
You should add the below configuration item in the Milvus configuration file that governs the running of your Milvus instance.
common:
security:
superUsers: root, foo
Drop a user
To drop a user, use the drop_user()
method.
client.drop_user(user_name="user_1")
List all users
List all the users.
# list all users
client.list_users()
Limitations
- Username must not be empty, and must not exceed 32 characters in length. It must start with a letter, and only contains underscores, letters, or numbers.
- Password must have at least 6 characters and must not exceed 256 characters in length.
What's next
- You might also want to learn how to:
- If you are ready to deploy your cluster on clouds:
- Learn how to Deploy Milvus on AWS with Terraform and Ansible
- Learn how to Deploy Milvus on Amazon EKS with Terraform
- Learn how to Deploy Milvus Cluster on GCP with Kubernetes
- Learn how to Deploy Milvus on Microsoft Azure With Kubernetes