[docs] Add note on how to access generated Kibana encryptionKeys #8150
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stefnestor
reviewed
Oct 22, 2024
Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com>
|
@elasticmachine run docs-build |
stefnestor
reviewed
Oct 23, 2024
stefnestor
reviewed
Oct 23, 2024
stefnestor
reviewed
Oct 23, 2024
|
I realized after testing that the ECK operator does not automatically set the decryptionKey for users, so added in addendums so if users are looking manually set these values but have previously used Kibana that they need to set the decryptionKey manually before rotating it. |
Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com>
Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com>
Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com>
kilfoyle
commented
Oct 23, 2024
pebrc
reviewed
Oct 24, 2024
pebrc
reviewed
Oct 24, 2024
pebrc
reviewed
Oct 24, 2024
Co-authored-by: Peter Brachwitz <peter.brachwitz@gmail.com>
Co-authored-by: Peter Brachwitz <peter.brachwitz@gmail.com>
Co-authored-by: Peter Brachwitz <peter.brachwitz@gmail.com>
|
Thanks @pebrc! |
thbkrkr
reviewed
Oct 25, 2024
Co-authored-by: Thibault Richard <thbkrkr@users.noreply.github.com>
thbkrkr
reviewed
Oct 28, 2024
|
|
||
| [source,shell,subs="attributes"] | ||
| ---- | ||
| kubectl get secret my-kibana-kb-config -o jsonpath '{ .data.kibana\.yml }' | base64 --decode | grep -B 1 encryptionKey |
There was a problem hiding this comment.
This command fails with error: template format specified but no template given. An = is important to assign the jsonpath.
Suggested change
| kubectl get secret my-kibana-kb-config -o jsonpath '{ .data.kibana\.yml }' | base64 --decode | grep -B 1 encryptionKey | |
| kubectl get secret my-kibana-kb-config -o jsonpath='{ .data.kibana\.yml }' | base64 --decode | grep -B 1 encryptionKey |
Now it works, I feel that it can be confusing because there are several encryptionKey.
> kubectl get secret test-kb-config -o jsonpath='{ .data.kibana\.yml }' | base64 --decode | grep -B 1 encryptionKey
encryptedSavedObjects:
encryptionKey: K8MYAwOohLrviRp4tXlQqS7Gb7AWPe6DsRI9TUs0PoyHAdmpKDjupE8Q3ms4lwmQ
--
reporting:
encryptionKey: EcZHDgOz5BJqLdp26t6ittWg3tCJHkCIraciRUqDU2NncYbpO5DNJ4pt1Ayb5VEV
--
realm: oidc1
encryptionKey: PIhbYdOg76JfzhnhzNpTz2JOasEj7oh1hpmZ47ZMEeTRR7Un1akRHVmA0pnDEBswI guess you don't want to provide an example using yq?
Then here is a proposal to continue using grep:
> kubectl get secret c14-kb-config -o jsonpath='{ .data.kibana\.yml }' | base64 --decode | grep -A1 encryptedSavedObjects
encryptedSavedObjects:
encryptionKey: K8MYAwOohLrviRp4tXlQqS7Gb7AWPe6DsRI9TUs0PoyHAdmpKDjupE8Q3ms4lwmQ
There was a problem hiding this comment.
Thanks @thbkrkr!
@stefnestor Please let me know if you like the proposal.
(I've added it in already but if you disagree, please let us know)
There was a problem hiding this comment.
@thbkrkr I see that Stef will be offline for a couple of days, so I think it's safe to merge this. If she'd like anything changed I can open a new PR.
pebrc
reviewed
Oct 28, 2024
Co-authored-by: Peter Brachwitz <peter.brachwitz@gmail.com>
kilfoyle
commented
Oct 28, 2024
thbkrkr
reviewed
Oct 28, 2024
thbkrkr
approved these changes
Oct 28, 2024
thbkrkr
approved these changes
Oct 28, 2024
thbkrkr
changed the title
thbkrkr
pushed a commit
that referenced
this pull request
Oct 28, 2024
This updates the Advanced configuration page with a tip about how to access the operator-generated encryption keys. --------- Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com> Co-authored-by: Peter Brachwitz <peter.brachwitz@gmail.com> Co-authored-by: Thibault Richard <thbkrkr@users.noreply.github.com>
thbkrkr
added a commit
that referenced
this pull request
Oct 28, 2024
…) (#8160) This updates the Advanced configuration page with a tip about how to access the operator-generated encryption keys. --------- Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com> Co-authored-by: Peter Brachwitz <peter.brachwitz@gmail.com> Co-authored-by: Thibault Richard <thbkrkr@users.noreply.github.com> Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This updates the Advanced configuration page with a tip about how to access the operator-generated encryption keys.
Closes: #8129