Document that remote ES service token can be stored as a secret (#762) (

#768) * Document that remote ES service token can be stored as a secret * fixup (cherry picked from commit 1fffeff) Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
elastic · Dec 14, 2023 · 2cc12bb · 2cc12bb
1 parent 6f72ce8
commit 2cc12bb
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/docs/en/ingest-management/fleet/monitor-elastic-agent.asciidoc b/docs/en/ingest-management/fleet/monitor-elastic-agent.asciidoc
@@ -264,6 +264,8 @@ To configure a remote {es} cluster for your {agent} monitoring data:
 .. Copy the value for the generated token.
 
 .. Back in your main cluster, paste the value you copied into the output **Service Token** field.
++
+NOTE: To prevent unauthorized access the {es} Service Token is stored as a secret value. While secret storage is recommended, you can choose to override this setting and store the password as plain text in the agent policy definition. Secret storage requires {fleet-server} version 8.12 or higher. This setting can also be stored as a secret value or as plain text for preconfigured outputs. See {kibana-ref}/fleet-settings-kb.html#_preconfiguration_settings_for_advanced_use_cases[Preconfiguration settings] in the {kib} Guide to learn more.
 
 . Choose whether or not the remote output should be the default for agent monitoring. When set, {agent}s use this output to send data if no other output is set in the <<agent-policy,agent policy>>.