github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Adding link to docs about encryption key cli tool (#92394) (#92682)

Browse source
This commit is contained in:
ymao1 2021-02-24 14:27:13 -05:00 committed by GitHub
parent 5132a8d09a
commit f9b2ea88d9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/settings/alert-action-settings.asciidoc
View file

@ -21,9 +21,12 @@ You can configure the following settings in the `kibana.yml` file.
[cols="2*<"]
|===
| `xpack.encryptedSavedObjects.encryptionKey`
| `xpack.encryptedSavedObjects`
`.encryptionKey`
| A string of 32 or more characters used to encrypt sensitive properties on alerts and actions before they're stored in {es}. Third party credentials &mdash; such as the username and password used to connect to an SMTP service &mdash; are an example of encrypted properties. +
+
{kib} offers a <<kibana-encryption-keys, CLI tool>> to help generate this encryption key. +
+
If not set, {kib} will generate a random key on startup, but all alert and action functions will be blocked. Generated keys are not allowed for alerts and actions because when a new key is generated on restart, existing encrypted data becomes inaccessible. For the same reason, alerts and actions in high-availability deployments of {kib} will behave unexpectedly if the key isn't the same on all instances of {kib}. +
+
Although the key can be specified in clear text in `kibana.yml`, it's recommended to store this key securely in the <<secure-settings,{kib} Keystore>>.