mirror of
https://github.com/elastic/kibana.git
synced 2025-06-28 19:13:14 -04:00
8b015ebedd
This adds support a password protected keystore. The UX should match other stack products. Closes https://github.com/elastic/kibana/issues/21756. ``` [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore create --password A Kibana keystore already exists. Overwrite? [y/N] y Enter new password for the kibana keystore (empty for no password): ******** Created Kibana keystore in /tmp/kibana-8.15.0-SNAPSHOT/config/kibana.keystore [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore add elasticsearch.username Enter password for the kibana keystore: ******** Enter value for elasticsearch.username: ************* [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore add elasticsearch.password Enter password for the kibana keystore: ******** Enter value for elasticsearch.password: ******** [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana ... Enter password for the kibana keystore: ******** [2024-04-30T09:47:03.560-05:00][INFO ][root] Kibana is starting [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore has-passwd Keystore is password-protected [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana-keystore show elasticsearch.username Enter password for the kibana keystore: ******** kibana_system [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana-keystore remove elasticsearch.username Enter password for the kibana keystore: ******** [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana-keystore show elasticsearch.username Enter password for the kibana keystore: ******** ERROR: Kibana keystore doesn't have requested key. [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% bin/kibana-keystore passwd Enter password for the kibana keystore: ******** Enter new password for the kibana keystore (empty for no password): [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana-keystore has-passwd Error: Keystore is not password protected [jon@mbpkbn1]/tmp/kibana-8.15.0-SNAPSHOT% ./bin/kibana ... [2024-04-30T09:49:03.220-05:00][INFO ][root] Kibana is starting ``` ## Password input Environment variable usage is not consistent across stack products. I implemented `KBN_KEYSTORE_PASSWORD_FILE` and `KBN_KEYSTORE_PASSWORD` to be used to avoid prompts. @elastic/kibana-security do you have any thoughts? - `LOGSTASH_KEYSTORE_PASS` - https://www.elastic.co/guide/en/logstash/current/keystore.html#keystore-password - `KEYSTORE_PASSWORD` - https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#docker-keystore-bind-mount - `ES_KEYSTORE_PASSPHRASE_FILE` - https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html#rpm-running-systemd - Beats discussion, unresolved: https://github.com/elastic/beats/issues/5737 ## Release note Adds password support to the Kibana keystore.
35 lines
970 B
Text
35 lines
970 B
Text
[[start-stop]]
|
|
== Start and stop {kib}
|
|
|
|
The method for starting and stopping {kib} varies depending on how you installed
|
|
it. If a password protected keystore is used, the environment variable
|
|
`KBN_KEYSTORE_PASSPHRASE_FILE` can be used to point to a file containing the password,
|
|
the environment variable `KEYSTORE_PASSWORD` can be defined, or you will be prompted
|
|
to enter to enter the password on startup,
|
|
|
|
[float]
|
|
[[start-start-targz]]
|
|
=== Archive packages (`.tar.gz`)
|
|
|
|
If you installed {kib} on Linux or Darwin with a `.tar.gz` package, you can
|
|
start and stop {kib} from the command line.
|
|
|
|
[float]
|
|
include::install/targz-running.asciidoc[]
|
|
|
|
[float]
|
|
[[start-stop-zip]]
|
|
=== Archive packages (`.zip`)
|
|
|
|
If you installed {kib} on Windows with a `.zip` package, you can
|
|
stop and start {kib} from the command line.
|
|
|
|
[float]
|
|
include::install/windows-running.asciidoc[]
|
|
|
|
[float]
|
|
[[start-stop-deb-rpm]]
|
|
=== Debian and RPM packages
|
|
|
|
[float]
|
|
include::install/systemd.asciidoc[]
|