Elasticsearch credentials for Kibana from keystore for ES 5.6

I don't want to put the property elasticsearch.password in my kibana.yml. When I try to add this setting into the keystore, ES won't start up with the following error:

Suppressed: java.lang.IllegalArgumentException: unknown secure setting [elasticsearch.password] please check that any required plugins are installed, or check the breaking changes documentation for removed settings

Is this feature supported for 5.6?

Assuming my ES will actually startup, do I still need to put some property in my kibana.yml? I read somewhere that I need to put the following in the yml file:

elasticsearch.username: ${elasticsearch.username}
elasticsearch.password: ${elasticsearch.password}

Is this still required or do I just omit these from the config file?

To securely store Kibana settings, you should use the Kibana keystore, instead of the Elasticsearch keystore. Every tool in the Elastic Stack has its own keystore.

The Kibana keystore has only been available since version 6.1, so you will have to upgrade first.

Once you apply settings to the Kibana keystore, there is no need to also put those in the kibana.yml file.

1 Like

Thanks! Unfortunately, this ES cluster is a component for a vendor solution where the vendor has said that the application has only been tested and verified with ES 5.x, thus upgrading might not be an option. Are there other ways to secure this password for ES 5.6?

I don't think there's a way to do this in 5.6.

It's time for your vendor to get on the version 6 bandwagon :slightly_smiling_face:. Version 6 has been out for over a year. And an alpha for version 7 has been released already, so it won't be too long until version 7 is out.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.