Secure settings
Some settings are sensitive, and relying on filesystem permissions to protect their values is not sufficient. For this use case, Kibana provides a keystore, and the kibana-keystore
tool to manage the settings in the keystore.
All commands here should be run as the user which will run Kibana.
Create the keystore
To create the kibana.keystore
, use the create
command:
bin/kibana-keystore create
The file kibana.keystore
will be created in the directory defined by the path.data
configuration setting.
List settings in the keystore
A list of the settings in the keystore is available with the list
command:
bin/kibana-keystore list
Add string settings
Sensitive string settings, like authentication credentials for Elasticsearch can be added using the add
command:
bin/kibana-keystore add the.setting.name.to.set
Once added to the keystore, these setting will be automatically applied to this instance of Kibana when started. For example if you do
bin/kibana-keystore add elasticsearch.username
you will be prompted to provide the value for elasticsearch.username. (Your input will show as asterisks.)
The tool will prompt for the value of the setting. To pass the value through stdin, use the --stdin
flag:
cat /file/containing/setting/value | bin/kibana-keystore add the.setting.name.to.set --stdin
Remove settings
To remove a setting from the keystore, use the remove
command:
bin/kibana-keystore remove the.setting.name.to.remove