Elastic Agent environment variables

edit

Use environment variables to configure Elastic Agent when running in a containerized environment. Variables on this page are grouped by action type:

Common variables
edit

To limit the number of environment variables that need to be set, the following common variables are available. These variables can be used across all Elastic Agent actions, but have a lower precedence than action-specific environment variables.

These common variables are useful, for example, when using the same Elasticsearch and Kibana credentials to prepare the Fleet plugin in Kibana, configure Fleet Server, and enroll an Elastic Agent.

Settings Description

ELASTICSEARCH_HOST

(string) The Elasticsearch host to communicate with.

Default: http://elasticsearch:9200

ELASTICSEARCH_USERNAME

(string) The basic authentication username used to connect to Elasticsearch. This user needs the privileges required to publish events to Elasticsearch.

[8.0.0] Deprecated in 8.0.0. Behaviour will change, use FLEET_SERVER_SERVICE_TOKEN instead.

Default: elastic

ELASTICSEARCH_PASSWORD

(string) The basic authentication password used to connect to Elasticsearch.

[8.0.0] Deprecated in 8.0.0. Behaviour will change, use FLEET_SERVER_SERVICE_TOKEN instead.

Default: changeme

ELASTICSEARCH_CA

(string) The path to a certificate authority.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

KIBANA_HOST

(string) The Kibana host.

Default: http://kibana:5601

KIBANA_USERNAME

(string) The basic authentication username used to connect to Kibana.

[8.0.0] Deprecated in 8.0.0. Behaviour will change in upcoming release.

Default: elastic

KIBANA_PASSWORD

(string) The basic authentication password used to connect to Kibana.

[8.0.0] Deprecated in 8.0.0. Behaviour will change in upcoming release.

Default: changeme

KIBANA_CA

(string) The path to a certificate authority.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

Prepare Kibana for Fleet
edit

Settings used to prepare the Fleet plugin in Kibana.

Settings Description

KIBANA_FLEET_SETUP

(int) Set to 1 to enable Fleet setup. Enabling Fleet is required before Fleet Server will start. When this action is not performed, a user must manually log in to Kibana and visit the Fleet page to enable setup. Overrides FLEET_SETUP when set.

Default: none

KIBANA_FLEET_HOST

(string) The Kibana host to enable Fleet on. Overrides FLEET_HOST when set.

Default: http://kibana:5601

KIBANA_FLEET_USERNAME

(string) The basic authentication username used to connect to Kibana and enable Fleet. Overrides KIBANA_USERNAME when set.

[8.0.0] Deprecated in 8.0.0. Behaviour will change in upcoming release.

Default: elastic

KIBANA_FLEET_PASSWORD

(string) The basic authentication password used to connect to Kibana and enable Fleet. Overrides KIBANA_PASSWORD when set.

[8.0.0] Deprecated in 8.0.0. Behaviour will change in upcoming release.

Default: changeme

KIBANA_FLEET_CA

(string) The path to a certificate authority. Overrides KIBANA_CA when set.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

Bootstrap Fleet Server
edit

Settings used to bootstrap Fleet Server on this Elastic Agent. At least one Fleet Server is required in a deployment.

Settings Description

FLEET_SERVER_ENABLE

(int) Set to 1 to bootstrap Fleet Server on this Elastic Agent. When set to 1, this automatically forces Fleet enrollment as well.

Default: none

FLEET_SERVER_ELASTICSEARCH_HOST

(string) The Elasticsearch host for Fleet Server to communicate with. Overrides ELASTICSEARCH_HOST when set.

Default: http://elasticsearch:9200

FLEET_SERVER_ELASTICSEARCH_USERNAME

(string) The basic authentication username used to connect to Elasticsearch. Overrides ELASTICSEARCH_USERNAME when set. This user needs the privileges required to publish events to Elasticsearch.

[8.0.0] Deprecated in 8.0.0. Use FLEET_SERVER_SERVICE_TOKEN instead.

Default: elastic

FLEET_SERVER_ELASTICSEARCH_PASSWORD

(string) The basic authentication password used to connect to Elasticsearch. Overrides ELASTICSEARCH_PASSWORD when set.

[8.0.0] Deprecated in 8.0.0. Use FLEET_SERVER_SERVICE_TOKEN instead.

Default: changeme

FLEET_SERVER_ELASTICSEARCH_CA

(string) The path to a certificate authority. Overrides ELASTICSEARCH_CA when set.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

FLEET_SERVER_SERVICE_TOKEN

(string) Service token to use for communication with Elasticsearch.

Default: none

FLEET_SERVER_POLICY_NAME

(string) The name of the policy for Fleet Server to use on itself. Overrides FLEET_TOKEN_POLICY_NAME when set.

Default: none

FLEET_SERVER_POLICY_ID

(string) The policy ID for Fleet Server to use on itself.

Default: When undefined, the "Default Fleet Server policy" is used.

FLEET_SERVER_HOST

(string) The binding host for Fleet Server HTTP. Overrides the host defined in the policy.

Default: none

FLEET_SERVER_PORT

(string) The binding port for Fleet Server HTTP. Overrides the port defined in the policy.

Default: none

FLEET_SERVER_CERT

(string) The path to the certificate to use for HTTPS.

Default: none

FLEET_SERVER_CERT_KEY

(string) The path to the private key for the certificate used for HTTPS.

Default: none

FLEET_SERVER_INSECURE_HTTP

(bool) When true, exposes Fleet Server over HTTP (insecure). Setting this to true is not recommended.

Default: false

Enroll Elastic Agent
edit

Settings used to enroll an Elastic Agent into a Fleet Server.

Settings Description

FLEET_ENROLL

(bool) Set to 1 to enroll the Elastic Agent into Fleet Server.

Default: false

FLEET_URL

(string) URL to enroll the Fleet Server into.

Default: ""

FLEET_ENROLLMENT_TOKEN

(string) The token to use for enrollment.

Default: ""

FLEET_TOKEN_NAME

(string) The token name to use to fetch the token from Kibana.

Default: ""

FLEET_TOKEN_POLICY_NAME

(string) The token policy name to use to fetch the token from Kibana.

Default: false

FLEET_CA

(string) The path to a certificate authority. Overrides ELASTICSEARCH_CA when set.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: false

FLEET_INSECURE

(bool) When true, Elastic Agent communicates with Fleet Server over insecure or unverified HTTP. Setting this to true is not recommended.

Default: false

KIBANA_FLEET_HOST

(string) The Kibana host to enable Fleet on. Overrides FLEET_HOST when set.

Default: http://kibana:5601

KIBANA_FLEET_USERNAME

(string) The basic authentication username used to connect to Kibana and enable Fleet. Overrides KIBANA_USERNAME when set.

[8.0.0] Deprecated in 8.0.0. Behaviour will change in upcoming release.

Default: elastic

KIBANA_FLEET_PASSWORD

(string) The basic authentication password used to connect to Kibana and enable Fleet. Overrides KIBANA_PASSWORD when set.

[8.0.0] Deprecated in 8.0.0. Behaviour will change in upcoming release.

Default: changeme

KIBANA_FLEET_CA

(string) The path to a certificate authority. Overrides KIBANA_CA when set.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""