Cannot set xpack.security.secureCookies from environment (through docker-compose.yml)

For Elastic stack 7.6.0, should xpack.security.secureCookies be read from the kibana environment when it starts? I did this test:

added xpack.security.secureCookies=true to kibana.yml
built and deployed docker image
tested with browser -- browser complains if connection lacks TLS

Then I tried setting secureCookies in the environment through docker-compose.yml.
Here are the lines from docker-compose.yml:

version: "3.7"
services:
  kibana:
    image: lpsd-kibana:${APP_VERSION}
    environment:
      - KIBANA_PASSWORD=${KIBANA_PASSWORD}
      - xpack.security.secureCookies=true

Updated kibana.yml to remove secureCookies:

bash-4.2$ cat kibana.yml
server.name: kibana
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "kibana"
elasticsearch.password: ${KIBANA_PASSWORD}
status.allowAnonymous: true
xpack.security.session.idleTimeout: 900s
#xpack.security.secureCookies: true

Verified that container environment has secureCookies setting:

bash-4.2$ env
ELASTIC_CONTAINER=true
PATH=/usr/share/kibana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
xpack.security.secureCookies=true
PWD=/usr/share/kibana/config
KIBANA_PASSWORD=abc
HOME=/usr/share/kibana

But the browser had no problem displaying the site without TLS, leading me to conclude secureCookies is not enabled.

Is my test correct, and should secureCookies setting be read from the environment?

As you can see in the docs, the name of the config should be converted to all uppercase, with underscores instead of dots. Could you try XPACK_SECURITY_SECURECOOKIES instead?

Yes, that did it. Thanks! I do remember reading that settings in the environment need to be converted as you describe. But I also find that sometimes unconverted works, so it's easy to forget.
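
An added example, not part of the original thread: a small Python check that applies the naming rule from the reply to the `environment:` list in the question, and that tests for the `Secure` attribute on `Set-Cookie` headers directly instead of inferring it from browser behaviour. The function names are hypothetical, and the response headers (including the cookie name `sid`) are constructed sample input.

```python
"""Audit a compose `environment:` list and a response's Set-Cookie headers."""

def kibana_env_name(setting):
    # Rule from the reply: all uppercase, underscores instead of dots.
    return setting.upper().replace(".", "_")

def audit_compose_environment(entries):
    """Return (name_as_written, converted_name) for every dotted variable name."""
    findings = []
    for entry in entries:
        name = entry.split("=", 1)[0].strip()
        if "." in name:
            findings.append((name, kibana_env_name(name)))
    return findings

def cookies_missing_secure(header_lines):
    """Return the names of cookies that are set without the Secure attribute."""
    missing = []
    for line in header_lines:
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive; some carry a value (Path=/).
        attributes = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attributes:
            missing.append(cookie_name)
    return missing

# The environment list from the docker-compose.yml in the question.
COMPOSE_ENVIRONMENT = [
    "KIBANA_PASSWORD=${KIBANA_PASSWORD}",
    "xpack.security.secureCookies=true",
]
# Constructed response headers (not captured from a real Kibana instance).
HEADERS_PLAIN = ["HTTP/1.1 200 OK", "Set-Cookie: sid=CONSTRUCTED; HttpOnly; Path=/"]
HEADERS_SECURE = ["HTTP/1.1 200 OK",
                  "Set-Cookie: sid=CONSTRUCTED; Secure; HttpOnly; Path=/"]

if __name__ == "__main__":
    for written, converted in audit_compose_environment(COMPOSE_ENVIRONMENT):
        print(f"{written}: dotted name, use {converted}")
    for label, headers in (("plain", HEADERS_PLAIN), ("secure", HEADERS_SECURE)):
        print(label, "cookies without Secure:", cookies_missing_secure(headers))
```

The conversion is one-way: camelCase is lost in `SECURECOOKIES`, so the setting name cannot be recovered from the variable name alone.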
