Secure Settings

edit

Some settings are sensitive, and relying on filesystem permissions to protect their values is not sufficient. For this use case, Kibana provides a keystore, and the kibana-keystore tool to manage the settings in the keystore.

All commands here should be run as the user which will run Kibana.

Creating the keystore

edit

To create the kibana.keystore, use the create command:

bin/kibana-keystore create

The file kibana.keystore will be created in the directory defined by the path.data configuration setting.

Listing settings in the keystore

edit

A list of the settings in the keystore is available with the list command:

bin/kibana-keystore list

Adding string settings

edit

Sensitive string settings, like authentication credentials for Elasticsearch can be added using the add command:

bin/kibana-keystore add the.setting.name.to.set

The tool will prompt for the value of the setting. To pass the value through stdin, use the --stdin flag:

cat /file/containing/setting/value | bin/kibana-keystore add the.setting.name.to.set --stdin

Removing settings

edit

To remove a setting from the keystore, use the remove command:

bin/kibana-keystore remove the.setting.name.to.remove