Currently, only username/password authentication is supported in this IO. However, Elasticsearch also supports:
Supporting them would allow the user to create specific keys or tokens (with specific permissions and validity period) and use them for its jobs.
However, both features are not opensource themselves inside Elasticsearch (part of the X-Pack solution, under the Elastic license). But for the implementation in Beam, it's only a matter of setting the correct Authorization header. So I think it should be ok to implement them.