Authenticate User Access
This topic describes how to manage user authentication in Milvus.
Milvus supports authenticated access by username and password.
Enable user authentication
Set common.security.authorizationEnabled
in milvus.yaml
as true
when configuring Milvus to enable authentication.
As of Milvus Helm Chart 4.0.0, you can enable user authentication by modifying values.yaml
as follows:
extraConfigFiles:
user.yaml: |+
common:
security:
authorizationEnabled: true
Create an authenticated user
A root user (password: Milvus
) is created along with each Milvus instance by default. It is recommended to change the password of the root user when you start Milvus for the first time. The root user can be used to create new users for authenticated access.
Create a user with username and password with the following command.
from pymilvus import utility
utility.create_user('user', 'password', using='default')
Parameter | Description |
---|---|
user | Username to create. |
password | Password for the user to create. |
using | Alias of the Milvus server to create the user. |
Connect Milvus with an authenticated user
Connect Milvus with an existing user.
from pymilvus import connections
connections.connect(
alias='default',
host='localhost',
port='19530',
user='user',
password='password',
)
Parameter | Description |
---|---|
alias | Alias of the Milvus server to connect. |
host | IP address of the Milvus server to connect. |
port | Port of the Milvus server to connect. |
user | Username used to connect. |
password | Password used to connect. |
Reset password
Change the password for an existing user and reset the Milvus connection.
from pymilvus import utility
utility.reset_password('user', 'old_password', 'new_password', using='default')
# Or you can use an alias function update_password
utility.update_password('user', 'old_password', 'new_password', using='default')
Parameter | Description |
---|---|
user | Username to reset password. |
password | New password for the user. |
using | Alias of the Milvus server. |
If you forget your old password, Milvus provides a configuration item that allows you to designate certain users as super users. This eliminates the need for the old password when you reset the password.
By default, the common.security.superUsers
field in the Milvus configuration file is empty, meaning that all users must provide the old password when resetting their password. However, you can designate specific users as super users who do not need to provide the old password. In the snippet below, root
and foo
are designated as super users.
You should add the below configuration item in the Milvus configuration file that governs the running of your Milvus instance.
common:
security:
superUsers: root, foo
Delete a user
Delete an authenticated user.
from pymilvus import utility
utility.delete_user('user', using='default')
Parameter | Description |
---|---|
user | Username to delete. |
using | Alias of the Milvus server. |
List all users
List all the credential users.
from pymilvus import utility
users = utility.list_usernames(using='default')
Limitations
- Username must not be empty, and must not exceed 32 characters in length. It must start with a letter, and only contains underscores, letters, or numbers.
- Password must have at least 6 characters and must not exceed 256 characters in length.
What’s next
- You might also want to learn how to:
- If you are ready to deploy your cluster on clouds:
- Learn how to Deploy Milvus on AWS with Terraform and Ansible
- Learn how to Deploy Milvus on Amazon EKS with Terraform
- Learn how to Deploy Milvus Cluster on GCP with Kubernetes
- Learn how to Deploy Milvus on Microsoft Azure With Kubernetes