[8.12] [DOCS] Add 'secrets' to Fleet settings page (#172637) (#173401)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[DOCS] Add 'secrets' to Fleet settings page
(#172637)](https://github.com/elastic/kibana/pull/172637)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"David
Kilfoyle","email":"41695641+kilfoyle@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-12-14T16:01:26Z","message":"[DOCS]
Add 'secrets' to Fleet settings page (#172637)\n\nThis updates the list
of available Fleet settings in the Kibana docs, as\r\nfollows:\r\n\r\n-
Moves the `config` and `proxy_id` settings from the Required to
the\r\nOptional section of `xpack.fleet.outputs`. CC @nchaulet since
the\r\nsettings were added to the docs
via\r\nhttps://github.com/elastic/kibana/pull/158771). [See orange
highlight]\r\n- Adds the `ssl` setting with the `certificate` property
(this setting\r\nis already available but doesn't appear to have been
documented). [See\r\nred highlight]\r\n- Adds the new `secrets` setting,
with SSL `key` as a property. [See\r\nblue highlight]\r\n - Adds an
example output configuration. [See green highlight]\r\n\r\nRel:
https://github.com/elastic/ingest-docs/issues/692\r\nSee
[docs\r\npreview](https://kibana_172637.docs-preview.app.elstc.co/guide/en/kibana/master/fleet-settings-kb.html)\r\n\r\n---\r\n\r\n![Screenshot
2023-12-05 at 4 22
42\r\nPM](a547bad7-57aa-4470-8328-30b80f257973)","sha":"c7fabda4c59789facbbc6127589e66d162148669","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Docs","release_note:skip","backport:prev-minor","v8.13.0"],"number":172637,"url":"https://github.com/elastic/kibana/pull/172637","mergeCommit":{"message":"[DOCS]
Add 'secrets' to Fleet settings page (#172637)\n\nThis updates the list
of available Fleet settings in the Kibana docs, as\r\nfollows:\r\n\r\n-
Moves the `config` and `proxy_id` settings from the Required to
the\r\nOptional section of `xpack.fleet.outputs`. CC @nchaulet since
the\r\nsettings were added to the docs
via\r\nhttps://github.com/elastic/kibana/pull/158771). [See orange
highlight]\r\n- Adds the `ssl` setting with the `certificate` property
(this setting\r\nis already available but doesn't appear to have been
documented). [See\r\nred highlight]\r\n- Adds the new `secrets` setting,
with SSL `key` as a property. [See\r\nblue highlight]\r\n - Adds an
example output configuration. [See green highlight]\r\n\r\nRel:
https://github.com/elastic/ingest-docs/issues/692\r\nSee
[docs\r\npreview](https://kibana_172637.docs-preview.app.elstc.co/guide/en/kibana/master/fleet-settings-kb.html)\r\n\r\n---\r\n\r\n![Screenshot
2023-12-05 at 4 22
42\r\nPM](a547bad7-57aa-4470-8328-30b80f257973)","sha":"c7fabda4c59789facbbc6127589e66d162148669"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/172637","number":172637,"mergeCommit":{"message":"[DOCS]
Add 'secrets' to Fleet settings page (#172637)\n\nThis updates the list
of available Fleet settings in the Kibana docs, as\r\nfollows:\r\n\r\n-
Moves the `config` and `proxy_id` settings from the Required to
the\r\nOptional section of `xpack.fleet.outputs`. CC @nchaulet since
the\r\nsettings were added to the docs
via\r\nhttps://github.com/elastic/kibana/pull/158771). [See orange
highlight]\r\n- Adds the `ssl` setting with the `certificate` property
(this setting\r\nis already available but doesn't appear to have been
documented). [See\r\nred highlight]\r\n- Adds the new `secrets` setting,
with SSL `key` as a property. [See\r\nblue highlight]\r\n - Adds an
example output configuration. [See green highlight]\r\n\r\nRel:
https://github.com/elastic/ingest-docs/issues/692\r\nSee
[docs\r\npreview](https://kibana_172637.docs-preview.app.elstc.co/guide/en/kibana/master/fleet-settings-kb.html)\r\n\r\n---\r\n\r\n![Screenshot
2023-12-05 at 4 22
42\r\nPM](a547bad7-57aa-4470-8328-30b80f257973)","sha":"c7fabda4c59789facbbc6127589e66d162148669"}}]}]
BACKPORT-->

Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>

docs/settings/fleet-settings.asciidoc

@@ -13,7 +13,10 @@ In {ecloud}, {fleet} flags are already configured.
 You can configure `xpack.fleet` settings in your `kibana.yml`.
 By default, {fleet} is enabled. To use {fleet}, you also need to configure {kib} and {es} hosts.
 
-See the {fleet-guide}/index.html[{fleet}] docs for more information.
+Many {fleet} settings can also be configured directly through the {fleet} UI.
+See {fleet-guide}/fleet-settings.html[Fleet UI settings] for details.
+
+See the {fleet-guide}/index.html[{fleet}] docs for more information about {fleet}.
 
 [[general-fleet-settings-kb]]
 ==== General {fleet} settings
@@ -174,6 +177,8 @@ xpack.fleet.agentPolicies:
 `xpack.fleet.outputs`::
 List of outputs that are configured when the {fleet} app starts.
 +
+Certain types of outputs have additional required and optional settings. Refer to {fleet-guide}/fleet-settings.html#output-settings[Output settings] in the {fleet} and {agent} Guide for the full list of settings for each output type.
++
 If configured in your `kibana.yml`, output settings are grayed out and
 unavailable in the {fleet} UI. To make these settings editable in the UI, do not
 configure them in the configuration file. 
@@ -188,13 +193,9 @@ NOTE: The `xpack.fleet.outputs` settings are intended for advanced configuration
   `name`::: 
     Output name.
   `type`::: 
-    Type of Output. Currently we support "elasticsearch", "logstash", "kafka".
+    Type of Output. Currently we support "elasticsearch", "logstash", "kafka", and "remote_elasticsearch".
   `hosts`::: 
     Array that contains the list of host for that output.
-  `config`::: 
-    Extra config for that output.
-  `proxy_id`:::
-    Unique ID of a proxy to access the output.
 =====
 +
 .Optional properties of `xpack.fleet.outputs`
@@ -204,7 +205,46 @@ NOTE: The `xpack.fleet.outputs` settings are intended for advanced configuration
     If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent data unless there is another one configured specifically for the agent policy.
   `is_default_monitoring`::: 
     If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent monitoring data unless there is another one configured specifically for the agent policy.
+  `config`::: 
+    Extra config for that output.
+  `proxy_id`:::
+    Unique ID of a proxy to access the output.
+  `ssl`:::
+    Set to enable authentication using the Secure Sockets Layer (SSL) protocol.
++
+.Properties of `ssl`
+[%collapsible%open]
+=======
+  `certificate`:::: 
+    The SSL certificate that {agents} use to authenticate with the output. Include the full contents of the certificate here.
+=======
+
+  `secrets`::: 
+    Include here any values for preconfigured outputs that should be stored as secrets. A secret value is replaced in the `kibana.yml` settings file with a reference, with the original value stored externally as a secure hash. Note that this type of secret storage requires all configured {fleet-server}s to be on version 8.12.0 or later.
++
+.Properties of `secrets`
+[%collapsible%open]
+=======
+  `key`:::::
+    The private certificate key that {agents} use to authenticate with the output.
+=======
 =====
++
+Example `xpack.fleet.outputs` configuration:
++
+[source,yaml]
+----
+xpack.fleet.outputs:
+  - id: my-logstash-output-with-a-secret
+    name: preconfigured logstash output with a secret
+    type:  logstash
+    hosts: ["localhost:9999"]
+    ssl:
+      certificate: xxxxxxxxxx
+    secrets:
+      ssl:
+        key: securekey
+----
 
 `xpack.fleet.fleetServerHosts`::
 List of {fleet-server} hosts that are configured when the {fleet} app starts.