The OpenSearch security feature is similar to Elasticsearch’s X-Pack plugin and TLS encryption. It is based on a plugin that is configured in much the same way.
One key difference between Elasticsearch and OpenSearch is that, by default, OpenSearch is configured to have its security features enabled while Elasticsearch is not. A full overview of OpenSearch's security plugin is described in their user documentation.
If you are not currently using X-Pack security in your Elasticsearch cluster, then you must make sure to disable security within OpenSearch, as described in this article.
You can then enable it after successfully upgrading if you prefer. If you are not sure if you are using X-Pack, search for
xpack.security.enabled:true within the elasticsearch.yml configuration file for the nodes in your Elasticsearch cluster. X-Pack is disabled when this is set to
In cases where X-Pack security is enabled in your Elasticsearch cluster, reuse your existing TLS certificates.
In summary, no special security considerations are required to upgrade from Elasticsearch v7.10.2 to OpenSearch 1.x-2.x other than noting that this is enabled by default.