spring-projects · l-trotta · Jun 20, 2025 · Jun 23, 2025
diff --git a/.../org/springframework/boot/autoconfigure/elasticsearch/ElasticsearchConnectionDetails.java b/.../org/springframework/boot/autoconfigure/elasticsearch/ElasticsearchConnectionDetails.java
@@ -55,6 +55,10 @@ default String getPassword() {
 		return null;
 	}
 
+	default String getAPIKey() {
+		return null;
+	}
+
 	/**
 	 * Prefix added to the path of every request sent to Elasticsearch.
 	 * @return prefix added to the path of every request sent to Elasticsearch or

diff --git a/...in/java/org/springframework/boot/autoconfigure/elasticsearch/ElasticsearchProperties.java b/...in/java/org/springframework/boot/autoconfigure/elasticsearch/ElasticsearchProperties.java
@@ -46,6 +46,10 @@ public class ElasticsearchProperties {
 	 * Password for authentication with Elasticsearch.
 	 */
 	private String password;
+	/**
+	 * APIKey for authentication with Elasticsearch.
+	 */
+	private String APIKey;
 
 	/**
 	 * Connection timeout used when communicating with Elasticsearch.
@@ -93,6 +97,15 @@ public void setPassword(String password) {
 		this.password = password;
 	}
 
+	public String getAPIKey() {
+		return this.APIKey;
+	}
+
+	public void setAPIKey(String APIKey) {
+		this.APIKey = APIKey;
+	}
+
+
 	public Duration getConnectionTimeout() {
 		return this.connectionTimeout;
 	}

diff --git a/...ringframework/boot/autoconfigure/elasticsearch/ElasticsearchRestClientConfigurations.java b/...ringframework/boot/autoconfigure/elasticsearch/ElasticsearchRestClientConfigurations.java
@@ -24,6 +24,7 @@
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 
+import org.apache.http.Header;
 import org.apache.http.HttpHost;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.Credentials;
@@ -32,6 +33,7 @@
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
 import org.apache.http.impl.nio.reactor.IOReactorConfig;
+import org.apache.http.message.BasicHeader;
 import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
 import org.elasticsearch.client.RestClient;
 import org.elasticsearch.client.RestClientBuilder;
@@ -62,6 +64,7 @@
  * @author Moritz Halbritter
  * @author Andy Wilkinson
  * @author Phillip Webb
+ * @author Laura Trotta
  */
 class ElasticsearchRestClientConfigurations {
 
@@ -94,6 +97,11 @@ RestClientBuilder elasticsearchRestClientBuilder(ElasticsearchConnectionDetails
 				.stream()
 				.map((node) -> new HttpHost(node.hostname(), node.port(), node.protocol().getScheme()))
 				.toArray(HttpHost[]::new));
+			if (connectionDetails.getAPIKey() != null) {
+				builder.setDefaultHeaders(new Header[]{
+					new BasicHeader("Authorization", "ApiKey " + connectionDetails.getAPIKey()),
+				});
+			}
 			builder.setHttpClientConfigCallback((httpClientBuilder) -> {
 				builderCustomizers.orderedStream().forEach((customizer) -> customizer.customize(httpClientBuilder));
 				SslBundle sslBundle = connectionDetails.getSslBundle();
@@ -260,6 +268,11 @@ public String getPassword() {
 			return this.properties.getPassword();
 		}
 
+		@Override
+		public String getAPIKey() {
+			return this.properties.getAPIKey();
+		}
+
 		@Override
 		public String getPathPrefix() {
 			return this.properties.getPathPrefix();

diff --git a/...ework/boot/autoconfigure/elasticsearch/ElasticsearchRestClientAutoConfigurationTests.java b/...ework/boot/autoconfigure/elasticsearch/ElasticsearchRestClientAutoConfigurationTests.java
@@ -19,7 +19,9 @@
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Optional;
 
+import org.apache.http.Header;
 import org.apache.http.HttpHost;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.Credentials;
@@ -60,6 +62,7 @@
  * @author Andy Wilkinson
  * @author Moritz Halbritter
  * @author Phillip Webb
+ * @author Laura Trotta
  */
 class ElasticsearchRestClientAutoConfigurationTests {
 
@@ -128,6 +131,24 @@ void configureUriWithNoScheme() {
 		});
 	}
 
+	@Test
+	void configureUriWithAPiKey() {
+		this.contextRunner.withPropertyValues("spring.elasticsearch.uris=http://user@localhost:9200","spring.elasticsearch.apikey=some-apiKey").run((context) -> {
+			RestClient client = context.getBean(RestClient.class);
+			assertThat(client.getNodes().stream().map(Node::getHost).map(HttpHost::toString))
+					.containsExactly("http://localhost:9200");
+			assertThat(client)
+					.extracting("defaultHeaders", InstanceOfAssertFactories.list(Header.class))
+					.satisfies(( defaultHeaders) -> {
+						Optional<? extends Header> authHeader = defaultHeaders.stream()
+								.filter(x -> x.getName().equals("Authorization"))
+								.findFirst();
+						assertThat(authHeader).isPresent();
+						assertThat(authHeader.get().getValue()).isEqualTo("ApiKey some-apiKey");
+					});
+		});
+	}
+
 	@Test
 	void configureUriWithUsernameOnly() {
 		this.contextRunner.withPropertyValues("spring.elasticsearch.uris=http://user@localhost:9200").run((context) -> {