mirror of
https://github.com/elastic/kibana.git
synced 2025-06-27 18:51:07 -04:00
13f1a94039
# Backport This will backport the following commits from `main` to `7.17`: - [Adds documentation to clarify kibana-keystore behaviour (#157146)](https://github.com/elastic/kibana/pull/157146) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Alex Szabo","email":"alex.szabo@elastic.co"},"sourceCommit":{"committedDate":"2023-05-09T16:02:45Z","message":"Adds documentation to clarify kibana-keystore behaviour (#157146)\n\n## Summary\r\nAddresses #155474 \r\n\r\nWe've discussed with the team, and decided that we'd retain current\r\nbehaviour, and adjust the docs and notes around the behaviour.\r\n\r\nfix(keystore): add warning note to explain that input is being JSON\r\nparsed\r\ndocs(keystore): add documentation to clarify behavior\r\n\r\n### Checklist\r\n\r\n- [x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n\r\n### For maintainers\r\n\r\n- [x] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"58650c55456fbcf418f7a75edf98de32238f6bea","branchLabelMapping":{"^v8.9.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Operations","release_note:skip","backport:all-open","v8.9.0"],"number":157146,"url":"https://github.com/elastic/kibana/pull/157146","mergeCommit":{"message":"Adds documentation to clarify kibana-keystore behaviour (#157146)\n\n## Summary\r\nAddresses #155474 \r\n\r\nWe've discussed with the team, and decided that we'd retain current\r\nbehaviour, and adjust the docs and notes around the behaviour.\r\n\r\nfix(keystore): add warning note to explain that input is being JSON\r\nparsed\r\ndocs(keystore): add documentation to clarify behavior\r\n\r\n### Checklist\r\n\r\n- [x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n\r\n### For maintainers\r\n\r\n- [x] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"58650c55456fbcf418f7a75edf98de32238f6bea"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.9.0","labelRegex":"^v8.9.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/157146","number":157146,"mergeCommit":{"message":"Adds documentation to clarify kibana-keystore behaviour (#157146)\n\n## Summary\r\nAddresses #155474 \r\n\r\nWe've discussed with the team, and decided that we'd retain current\r\nbehaviour, and adjust the docs and notes around the behaviour.\r\n\r\nfix(keystore): add warning note to explain that input is being JSON\r\nparsed\r\ndocs(keystore): add documentation to clarify behavior\r\n\r\n### Checklist\r\n\r\n- [x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n\r\n### For maintainers\r\n\r\n- [x] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"58650c55456fbcf418f7a75edf98de32238f6bea"}}]}] BACKPORT--> Co-authored-by: Alex Szabo <alex.szabo@elastic.co>
77 lines
2.6 KiB
Text
77 lines
2.6 KiB
Text
[[secure-settings]]
|
|
=== Secure settings
|
|
|
|
Some settings are sensitive, and relying on filesystem permissions to protect
|
|
their values is not sufficient. For this use case, Kibana provides a
|
|
keystore, and the `kibana-keystore` tool to manage the settings in the keystore.
|
|
|
|
NOTE: All commands here should be run as the user which will run Kibana.
|
|
|
|
[float]
|
|
[[creating-keystore]]
|
|
=== Create the keystore
|
|
|
|
To create the `kibana.keystore`, use the `create` command:
|
|
|
|
[source,sh]
|
|
----------------------------------------------------------------
|
|
bin/kibana-keystore create
|
|
----------------------------------------------------------------
|
|
|
|
The file `kibana.keystore` will be created in the `config` directory defined by the
|
|
environment variable `KBN_PATH_CONF`.
|
|
|
|
[float]
|
|
[[list-settings]]
|
|
=== List settings in the keystore
|
|
|
|
A list of the settings in the keystore is available with the `list` command:
|
|
|
|
[source,sh]
|
|
----------------------------------------------------------------
|
|
bin/kibana-keystore list
|
|
----------------------------------------------------------------
|
|
|
|
[float]
|
|
[[add-string-to-keystore]]
|
|
=== Add string settings
|
|
|
|
NOTE: Your input will be JSON-parsed to allow for object/array input configurations. To enforce string values, use "double quotes" around your input.
|
|
|
|
Sensitive string settings, like authentication credentials for Elasticsearch
|
|
can be added using the `add` command:
|
|
|
|
[source,sh]
|
|
----------------------------------------------------------------
|
|
bin/kibana-keystore add the.setting.name.to.set
|
|
----------------------------------------------------------------
|
|
|
|
Once added to the keystore, these setting will be automatically applied
|
|
to this instance of Kibana when started. For example if you do
|
|
|
|
[source,sh]
|
|
----------------------------------------------------------------
|
|
bin/kibana-keystore add elasticsearch.username
|
|
----------------------------------------------------------------
|
|
|
|
you will be prompted to provide the value for elasticsearch.username.
|
|
(Your input will show as asterisks.)
|
|
|
|
The tool will prompt for the value of the setting. To pass the value
|
|
through stdin, use the `--stdin` flag:
|
|
|
|
[source,sh]
|
|
----------------------------------------------------------------
|
|
cat /file/containing/setting/value | bin/kibana-keystore add the.setting.name.to.set --stdin
|
|
----------------------------------------------------------------
|
|
|
|
[float]
|
|
[[remove-settings]]
|
|
=== Remove settings
|
|
|
|
To remove a setting from the keystore, use the `remove` command:
|
|
|
|
[source,sh]
|
|
----------------------------------------------------------------
|
|
bin/kibana-keystore remove the.setting.name.to.remove
|
|
----------------------------------------------------------------
|