github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-25 02:09:32 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs
History
Jon 8b015ebedd
[keystore] Add password support (#180414) 
This adds support a password protected keystore. The UX should match
other stack products.

Closes https://github.com/elastic/kibana/issues/21756.

```
[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore create --password
A Kibana keystore already exists. Overwrite? [y/N] y
Enter new password for the kibana keystore (empty for no password): ********
Created Kibana keystore in /tmp/kibana-8.15.0-SNAPSHOT/config/kibana.keystore

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore add elasticsearch.username
Enter password for the kibana keystore: ********
Enter value for elasticsearch.username: *************

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore add elasticsearch.password
Enter password for the kibana keystore: ********
Enter value for elasticsearch.password: ********

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana
...
Enter password for the kibana keystore: ********
[2024-04-30T09:47:03.560-05:00][INFO ][root] Kibana is starting

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore has-passwd
Keystore is password-protected

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana-keystore show elasticsearch.username
Enter password for the kibana keystore: ********
kibana_system

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana-keystore remove elasticsearch.username
Enter password for the kibana keystore: ********

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana-keystore show elasticsearch.username
Enter password for the kibana keystore: ********
ERROR: Kibana keystore doesn't have requested key.

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore passwd
Enter password for the kibana keystore: ********
Enter new password for the kibana keystore (empty for no password):
[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana-keystore has-passwd
Error: Keystore is not password protected

[jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana
...
[2024-04-30T09:49:03.220-05:00][INFO ][root] Kibana is starting
```

## Password input

Environment variable usage is not consistent across stack products. I
implemented `KBN_KEYSTORE_PASSWORD_FILE` and `KBN_KEYSTORE_PASSWORD` to
be used to avoid prompts. @elastic/kibana-security do you have any
thoughts?


- `LOGSTASH_KEYSTORE_PASS` -
https://www.elastic.co/guide/en/logstash/current/keystore.html#keystore-password
- `KEYSTORE_PASSWORD` -
https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#docker-keystore-bind-mount
- `ES_KEYSTORE_PASSPHRASE_FILE` -
https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html#rpm-running-systemd
- Beats discussion, unresolved:
https://github.com/elastic/beats/issues/5737


## Release note
Adds password support to the Kibana keystore.
2024-05-06 10:23:29 -05:00
..
api [Synthetics] Monitor CRUD's public api's (#169928) 2024-04-12 15:10:11 -04:00
apm [DOCS] Update Observability docs to fix problems found during testing (#175636) 2024-01-29 11:05:21 -08:00
canvas Removes duplicate images (#173097) 2023-12-11 11:36:25 -08:00
concepts [data views] cache field caps requests (#168910) 2024-01-16 06:54:38 -06:00
dev-tools Sort out objectization in variable substitution (#162382) 2023-07-27 09:30:52 +09:00
developer [Discover] Create Discover Shared plugin and features registry (#181952) 2024-05-03 11:27:32 +02:00
development/plugins/expressions/public Remove old doc generation system for core APIs (#134313) 2022-06-21 17:43:17 +02:00
discover [ES|QL] Rename the setting to a more generic one and move to the general section (#182074) 2024-05-01 16:13:53 +02:00
fleet [DOCS] Fleet managed content (#178380) 2024-03-25 22:14:29 +00:00
getting-started [DOCS] Updates the quick start guide (#163165) 2023-08-04 15:55:25 +02:00
management [ES|QL] Rename the setting to a more generic one and move to the general section (#182074) 2024-05-01 16:13:53 +02:00
maps [Docs][Chore] Fix asset tracking tutorial from 8.12 improvements (#176061) 2024-02-02 05:22:55 -07:00
migration [DOCS] Remove breaking changes tags (#162928) 2023-08-02 08:27:22 -04:00
observability
osquery [DOCS] Documents Osquery Timeout setting (#174595) 2024-01-17 15:29:23 +00:00
settings [GenAI] Bedrock Claude 3 Support (#179304) 2024-03-27 13:24:10 -06:00
setup [keystore] Add password support (#180414) 2024-05-06 10:23:29 -05:00
siem [DOCS] Elastic Sec Overview (Fixing Image) (#104529) 2021-07-07 09:58:09 -04:00
spaces Removing docs about multi-tenancy (#143698) 2022-10-24 16:01:43 -04:00
user [DOCS] Fix docs and screenshots for rule creation changes (#181925) 2024-05-01 09:18:17 -07:00
accessibility.asciidoc
action-type-template.asciidoc [DOCS] Add preconfigured AWS Bedrock connector (#168663) 2023-10-16 08:23:12 -07:00
CHANGELOG.asciidoc [DOCS] Add a bug fix for 8.13.3 release notes (#182373) 2024-05-02 22:25:05 +03:00
gs-index.asciidoc [DOCS] Remove or move book-scoped attributes (#155210) 2023-04-20 09:12:09 -07:00
index.asciidoc [Docs] remove Kibana book-scoped variables (#178676) 2024-03-14 11:53:33 -04:00
index.x.asciidoc
landing-page.asciidoc [DOCS] Fix welcome-to-elastic link (#166357) 2023-09-14 06:08:35 -04:00
limitations.asciidoc [DOCS] Reallocates limitations to point-of-use (#79582) 2020-11-19 10:49:27 -06:00
migration.asciidoc
redirects.asciidoc [DOCS] Create stub page for Playground (#181266) 2024-04-22 10:16:52 +02:00
rule-type-template.asciidoc [DOCS] Create and manage rule action frequencies (#150957) 2023-02-23 13:16:46 -08:00
template.asciidoc [DOCS] Remove snapshot and restore docs (#114836) 2021-11-16 16:59:24 -05:00