Enabling anonymous access (fileRealm) in kibana

jane.hwang · December 13, 2022, 8:30am

Hello,
I'm a beginner in using elasticsearch and kibana with ECK.
I have installed elasticsearch and kibana with ECK.

I have already make it possible to login elasticsearch using fileRealm.

elasticsearch.yaml

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: "test"
  namespace: default
spec:
  version: 8.4.2
  auth:
    fileRealm:
      - secretName: test-user-realm-secret

secret.yaml

kind: Secret
apiVersion: v1
metadata:
  name: test-user-realm-secret
  namespace: default
stringData:
  users: |-
    hello:ECRYPT_PASSWORD(BCRYPT)

I wanted to make it possible to acess anonymous user to kibana.
It was possible to acess anonymous user with raw password using kibana yaml file.

kibana.yaml (with raw password)

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: test-kibana
  namespace: default
spec:
  version: 8.4.2
  count: 1
  podTemplate:
    metadata:
      labels:
        app: test-kibana
  elasticsearchRef:
    name: "test"
    namespace: default
  config:
    xpack.security.authc.providers:
      basic.basic1:
        order: 0
      anonymous.anonymous1:
        order: 1
        credentials:
          username: "hello"
          password: "password"

But I couldn't find the way to set encrypted password(Bcrypt) for anonymous user.
Is there any way to access anonymous to access anonymous user with encrypted password(Bcrypt)?

For example, I want to put the password in yaml file like this. (bcrypt)

password: "$2a$12$Mc/gFfMwC6ctkeLkqRbd8exhTAFJnJh4C9nurjsw7mR3fGXyfduDe"

Thanks in advance.

jsanz · December 27, 2022, 2:35pm

Hi @jane.hwang welcome to the Elastic discussion forum.

I'm pretty sure you cannot specify the password for anonymous access other than as a raw string as the documentation explains.

Maybe you can inject the password using an environment variable that allows you to store the password elsewhere?

From the configuration docs:

environment variables can be injected into configuration using ${MY_ENV_VAR} syntax

So in your case it would mean to create a pretty ugly env var named:

XPACK_SECURITY_AUTHC_PROVIDERS_ANONYMOUS_ANONYMOUS1_CREDENTIALS_PASSWORD

Hope it helps.

jane.hwang · January 3, 2023, 11:30pm

Hi,@jsanz

Thanks, just wanted to check if it is possible to enable anonymous access.

Regards.

system · January 31, 2023, 11:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.