Hello all, we're doing a POC with Windows servers running *beat agents sending perf and event log data to a Linux VM running ELK Stack. Everything is latest version. We want to standardize on agents authenticating using API key, and don't see much need to go beyond out of the box user roles.
Metricbeat agent authenticates fine when metricbeat.yml uses the builtin elastic superuser account/password. Great. I then created an API key with no role defined while logged in as elastic. Documentation states the key should effectively have rights of the user creating it, so superuser rights. A bit much, but I just need to see it work.
After editing Elasticsearch.yml to use the API key, the agent service starts/stops. The error is a 401, failure to authenticate to Kibana. During troubleshooting, discovered I can work around this by adding the elastic username and password under the setup.kibana section. That is obviously not secure and unusable. I can't find documentation showing where you must use an Elasticsearch user/password under setup.kibana in order to authenticate to Kibana when choosing to use API key to authenticate with Beats. I also don't see any kind of API key setting for Kibana in kibana.yml
Advice is greatly appreciated, and thank you in advance!