Authenticate User Access
This guide explains how to manage user authentication in Milvus, including enabling authentication, connecting as a user, and modifying user credentials.
TLS and user authentication are two distinct security approaches. If you have enabled both user authentication and TLS in your Milvus system, you must provide a username, password, and certificate file paths. For information on how to enable TLS, refer to Encryption in Transit.
The code snippets on this page use new MilvusClient (Python) to interact with Milvus. New MilvusClient SDKs for other languages will be released in future updates.
Enable user authentication
To enable user authentication for your Milvus server, set common.security.authorizationEnabled to true in the Milvus config file milvus.yaml
. For more information on configs, refer to Configure Milvus with Docker Compose.
...
common:
...
security:
authorizationEnabled: true
...
To enable user authentication for your Milvus server, set authorizationEnabled to true in the Milvus config file values.yaml
. For more information on configs, refer to Configure Milvus with Helm Charts.
...
extraConfigFiles:
user.yaml: |+
common:
security:
authorizationEnabled: true
...
To enable authentication, set spec.common.security.authorizationEnabled
to true
in the Milvus
CRD. For more information on Milvus CRD, refer to Configure Milvus with Milvus Operator.
apiVersion: milvus.io/v1beta1
kind: Milvus
metadata:
name: my-release
labels:
app: milvus
spec:
# Omit other fields ...
config:
common:
security:
authorizationEnabled: true
Connect to Milvus with authentication
After enabling authentication, you need to connect to Milvus using a username and password. By default, the root
user is created with the password Milvus
when Milvus is initiated. Here is an example of how to connect to Milvus with authentication enabled using the default root
user:
# use default `root` user to connect to Milvus
from pymilvus import MilvusClient
client = MilvusClient(
uri='http://localhost:19530', # replace with your own Milvus server address
token="root:Milvus"
)
Create a new user
Once connected as the default root
user, you can create and authenticate a new user as follows:
# create a user
client.create_user(
user_name="user_1",
password="P@ssw0rd",
)
# verify the user has been created
client.describe_user("user_1")
# output
# {'user_name': 'user_1', 'roles': ()}
For more information on creating users, refer to create_user().
Connect to Milvus with a new user
Connect using the credentials of the newly created user:
# connect to milvus with the newly created user
client = MilvusClient(
uri="http://localhost:19530",
token="user_1:P@ssw0rd"
)
Update user password
Change the password for an existing user with the following code:
# update password
client.update_password(
user_name="user_1",
old_password="P@ssw0rd",
new_password="P@ssw0rd123"
)
For more information on updating user passwords, refer to update_password().
If you forget your old password, Milvus provides a configuration item that allows you to designate certain users as super users. This eliminates the need for the old password when you reset the password.
By default, the common.security.superUsers
field in the Milvus configuration file is empty, meaning that all users must provide the old password when resetting their password. However, you can designate specific users as super users who do not need to provide the old password. In the snippet below, root
and foo
are designated as super users.
You should add the below configuration item in the Milvus configuration file that governs the running of your Milvus instance.
common:
security:
superUsers: root, foo
Drop a user
To drop a user, use the drop_user()
method.
client.drop_user(user_name="user_1")
List all users
List all the users.
# list all users
client.list_users()
Limitations
- Username must not be empty, and must not exceed 32 characters in length. It must start with a letter, and only contains underscores, letters, or numbers.
- Password must have at least 6 characters and must not exceed 256 characters in length.
What’s next
- You might also want to learn how to:
- If you are ready to deploy your cluster on clouds:
- Learn how to Deploy Milvus on Amazon EKS with Terraform
- Learn how to Deploy Milvus Cluster on GCP with Kubernetes
- Learn how to Deploy Milvus on Microsoft Azure With Kubernetes