I use elasticstack 8.5.3 and have 2 Logstash, 5 ELS and 1 Kibana nodes.
I was cleaning the older kibana system indices ( upgraded from 7.17.7) and deleted .security_7 index also and had to create all built in users again.
I had to also create new encryption key for kibana by using this :
xpack.security.encryptionKey: "xxx" xpack.encryptedSavedObjects.encryptionKey: "xxx" xpack.reporting.encryptionKey: "xxx"
But after that I keep getting this error:
Failed to decrypt "apiKey" attribute: Unsupported state or unable to authenticate data
Error: Unable to decrypt attribute "apiKey" at loadRule (/../kibana-8.5.3/x-pack/plugins/alerting/server/task_runner/rule_loader.js:43:11) at TaskRunner.prepareToRun (/../kibana-8.5.3/x-pack/plugins/alerting/server/task_runner/task_runner.js:494:12) at TaskRunnerTimer.runWithTimer (/../kibana-8.5.3/x-pack/plugins/alerting/server/task_runner/task_runner_timer.js:57:20) at TaskRunner.run (/../kibana-8.5.3/x-pack/plugins/alerting/server/task_runner/task_runner.js:611:30) at TaskManagerRunner.run (/../kibana-8.5.3/x-pack/plugins/task_manager/server/task_running/task_runner.js:299:22)
It is flooding my logs.
I read this documentation: xpack-security-secure-saved-objects
If I try to use just
xpack.encryptedSavedObjects: encryptionKey: "newKey" keyRotation: decryptionOnlyKeys: ["oldKey"]
I get this error:
Re-authentication can not be handled
I deleted all saved objects on kibana.
I do not have any rules, alers etc.
It is just empty kibana but still get these errors.
I also deleted old version indices
but still get this error.
Is this is a kibana bug as stated here?
"unable to decrypt" error