Improve decryption failure logging #200050
Labels
Feature:Security/Encrypted Saved Objects
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
jeramysoucy
added
Feature:Security/Encrypted Saved Objects
Team:Security
|
Pinging @elastic/kibana-security (Team:Security) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Related: #200049
Currently, there is no way to discern the context of a decryption failure - the error log does not include a caller or reason the decryption was being performed.
Example: the
findfunction handles decryption failures gracefully, however, an error log is generated for every decryption failure that occurs. Our serverless dashboards and alerts will pick up this failure, but we will not be able to discern the context. We will not know whether or not the failure is something that should be expected or investigated, or for that matter, how to further investigate the error.Augmenting the decryption error log information to include a caller, operation, or reason would provide enough context to help pinpoint where and how an error occurred.
The text was updated successfully, but these errors were encountered: