Enabling anonymous access (fileRealm) in kibana

Hello,
I'm a beginner in using elasticsearch and kibana with ECK.
I have installed elasticsearch and kibana with ECK.

I have already make it possible to login elasticsearch using fileRealm.

elasticsearch.yaml

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: "test"
  namespace: default
spec:
  version: 8.4.2
  auth:
    fileRealm:
      - secretName: test-user-realm-secret

secret.yaml

kind: Secret
apiVersion: v1
metadata:
  name: test-user-realm-secret
  namespace: default
stringData:
  users: |-
    hello:ECRYPT_PASSWORD(BCRYPT)

I wanted to make it possible to acess anonymous user to kibana.
It was possible to acess anonymous user with raw password using kibana yaml file.

kibana.yaml (with raw password)

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: test-kibana
  namespace: default
spec:
  version: 8.4.2
  count: 1
  podTemplate:
    metadata:
      labels:
        app: test-kibana
  elasticsearchRef:
    name: "test"
    namespace: default
  config:
    xpack.security.authc.providers:
      basic.basic1:
        order: 0
      anonymous.anonymous1:
        order: 1
        credentials:
          username: "hello"
          password: "password"

But I couldn't find the way to set encrypted password(Bcrypt) for anonymous user.
Is there any way to access anonymous to access anonymous user with encrypted password(Bcrypt)?

For example, I want to put the password in yaml file like this. (bcrypt)

password: "$2a$12$Mc/gFfMwC6ctkeLkqRbd8exhTAFJnJh4C9nurjsw7mR3fGXyfduDe"

Thanks in advance.

Hi @jane.hwang welcome to the Elastic discussion forum.

I'm pretty sure you cannot specify the password for anonymous access other than as a raw string as the documentation explains.

Maybe you can inject the password using an environment variable that allows you to store the password elsewhere?

From the configuration docs:

environment variables can be injected into configuration using ${MY_ENV_VAR} syntax

So in your case it would mean to create a pretty ugly env var named:

XPACK_SECURITY_AUTHC_PROVIDERS_ANONYMOUS_ANONYMOUS1_CREDENTIALS_PASSWORD

Hope it helps.

1 Like

Hi,@jsanz

Thanks, just wanted to check if it is possible to enable anonymous access.

Regards.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.