Add Documentation for authenticating kibana server user to ES via PKI #18504
Labels
Comments
elasticmachine
added
Team:Security
|
It's minimally documented here: https://www.elastic.co/guide/en/kibana/current/settings.html Optional settings that provide the paths to the PEM-format SSL certificate and key files. These files are used to verify the identity of Kibana to Elasticsearch and are required when xpack.ssl.verification_mode in Elasticsearch is set to either certificate or full. It wouldn't hurt to write some docs on doing PKI for everything Kibana -> Elasticsearch though |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original comment by @ctindel:
As noted here:
#6119
It is possible to authenticate kibana server user to ES using PKI so that no cleartext password is necessary in the kibana.yml file.
However there doesn't seem to be an example of doing this anywhere, and the documentation for kibana.yml doesn't mention anything about this. It just says:
elasticsearch.ssl.certificate: and elasticsearch.ssl.key:
Optional settings that provide the paths to the PEM-format SSL certificate and key files. These files validate that your Elasticsearch backend uses the same key files.
Can we build out the docs to show people how to not have the cleartext password? Ideally we'd publish a blogpost like "How to avoid putting cleartext passwords in your kibana.yml file" showing the end-end steps on both ES and kibana sides
The text was updated successfully, but these errors were encountered: