How to disable Kibana security warning message

Kibana shows this message:

Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.13/security-minimal-setup.html to enable security.

I cannot find any way of disabling this message. Is there an option on kibana.yml settings to disable that message warning ?

NOTE: obviously activating ElasticSearch security will fix it but I have the servers behind a VPN and two firewall layers so adding SSL/TLS is not necessary and it only will make it slow)
IMPORTANT: do NOT disable ElasticSearch security if you are not on a sandboxed secure context

4 Likes

Welcome to our community! :smiley:
I don't know how to disable this other than by setting up Security. But,

Uhhh, huh?

What does your Kibana config look like? Have you tried enabling security in Kibana but not in Elasticsearch?

Thanks !! ... it's a nice community.

Let me explain that more:

HTTPS is slower than HTTP (the CPU suffers encrypting and decrypting all the time) ... the use of HTTPS is mandatory in the traditional ElasticSearch security recommendations (for example with user and password authentication) ... but with VPN (and other encryption and security options like IPSEC) the tradicional ElasticSearch is not required and even slower (if forced with HTTPS encryption on top of the already VPN encryption) ... thus my question -> how to disable the security warning of the traditional ElasticSearch message

Good idea, I will try to add security on the Kibana piece only, thanks !!

Kibana security relies on Elasticsearch security which in turn requires TLS to be enabled within the cluster for multi-node clusters. The reason I asked about Kibana config was to ee if you had any setting requiring security to be enabled.

no, nothing about security activated on Kibana, just the plain vanilla installation pointing to my ElasticSearch cluster.

I'm trying to follow these instructions -> Securing access to Kibana | Kibana Guide [7.13] | Elastic but I cannot find the Security > Roles section on my Kibana installation.

I'm using Kibana 7.13 and this is my config/kibana.yml file:

elasticsearch.hosts: ["http://cs-es-node1:9200", "http://cs-es-node2:9200", "http://cs-es-node3:9200"]
telemetry.enabled: false

Thanks for your help

Are you using Elasticsearch 7.13 as well?

Yes, ElasticSearch 7.13 too

Here a snapshot of the Stack Management mentioned at Securing access to Kibana | Kibana Guide [7.13] | Elastic

where I cannot find the Secure > Roles section nor the Secure > Users section

So, question -> How can I add users to Kibana 7.13 ?

For sure I'm missing something very obvious but I'm lost now.

Or even better how can I just remove the security warning message ... everything is working nice now with VPN.

Thank you for your help !!

1 Like

@csaltos In short, you can disable the warning message by explicitly turning off security, i.e. add the following in elasticsearch.yml:

xpack.security.enabled: false

Some more context
The warning is shown when the security is implicitly disabled, that is, there is no config for xpack.security.enabled in elasticsearch.yml, and your license is either basic or trial. This is new in 7.13. You can remove the warning by either enable or disable security explicitly. We'd recommend you to enable security since it gives you better protection. But in the meantime, you can choose to opt out explicilty. Again, we recommend enabling security since your data could be at risk without it. The new step-by-step guide should provide you a straightforward path. Thanks!

2 Likes

Great !! ... that does the trick !! ... thank you very much Yang and Christian and Mark for your help and support, a great community indeed ... now I just need to ensure the IPSec and the VPN works correctly for having all this actually secure for production.

Best regards,

Carlos

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.