When I restart the Kibana service, it won't boot up.
So my question is:
Should ignore the upon Kibana warning as I'm using NGINX for having a secure connection namely with HTTPS? If yes, how to disable the upon warning (only this warning, not all the warnings)?
It’s up to you to decide whether any particular security approach fits for you.
If me:
I would personally answer with a hard NO, if I’m in any sort of corporate/business/paid setting. If some hobby project running in my basement, maybe still no but at least a bit arguable. But that’s me. YMMV.
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.656+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "apiKey" of saved object "alert,74874100-eb51-16te-9344-c185obr74106": Unsupported state or unable to authenticate data
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.659+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "apiKey" of saved object "alert,7442g100-eh71-14ae-9964-c172ubr76566": Unsupported state or unable to authenticate data
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.662+02:00][INFO ][plugins.observabilityAIAssistant.index_assets] Found 1 concrete indices for .kibana-observability-ai-assistant-conversations-000001 - [{"index":".kibana-observability-ai-assistant-conversations-000001","alias":".kibana-observability-ai-assistant-conversations","isWriteIndex":true}]
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.672+02:00][INFO ][plugins.productDocBase.doc-manager] Task ProductDocBase:EnsureUpToDate scheduled to run soon
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.675+02:00][INFO ][plugins.ecsDataQualityDashboard] Updating data streams - .kibana-data-quality-dashboard-results-*
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.681+02:00][INFO ][plugins.securitySolution.siemRuleMigrations] Creating index - .kibana-siem-rule-migrations-integrations
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.683+02:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-conversations-*
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.700+02:00][INFO ][plugins.alerting] Found 1 concrete indices for .internal.alerts-ml.anomaly-detection-health.alerts-default-000001 - [{"index":".internal.alerts-ml.anomaly-detection-health.alerts-default-000001","alias":".alerts-ml.anomaly-detection-health.alerts-default","isWriteIndex":true}]
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.706+02:00][ERROR][plugins.alerting.xpack.synthetics.alerts.monitorStatus] Executing Rule default:xpack.synthetics.alerts.monitorStatus:74874100-eb51-16te-9344-c185obr74106 has resulted in Error: Unable to decrypt attribute "apiKey" of saved object "alert,74874100-eb51-16te-9344-c185obr74106" - Error: Unable to decrypt attribute "apiKey" of saved object "alert,74874100-eb51-16te-9344-c185obr74106"
Jun 25 07:47:07 kibana[950682]: at getDecryptedRule (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/rule_loader.js:102:19)
Jun 25 07:47:07 kibana[950682]: at /usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:379:24
Jun 25 07:47:07 kibana[950682]: at TaskRunnerTimer.runWithTimer (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner_timer.js:49:20)
Jun 25 07:47:07 kibana[950682]: at TaskRunner.prepareToRun (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:322:12)
Jun 25 07:47:07 kibana[950682]: at TaskRunner.run (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:539:33)
Jun 25 07:47:07 kibana[950682]: at TaskManagerRunner.run (/usr/share/kibana/node_modules/@kbn/task-manager-plugin/server/task_running/task_runner.js:325:22)
Jun 25 07:47:07 kibana[950682]: [2025-06-25T07:47:07.711+02:00][ERROR][plugins.alerting.xpack.synthetics.alerts.tls] Executing Rule default:xpack.synthetics.alerts.tls:7442g100-eh71-14ae-9964-c172ubr76566 has resulted in Error: Unable to decrypt attribute "apiKey" of saved object "alert,7442g100-eh71-14ae-9964-c172ubr76566" - Error: Unable to decrypt attribute "apiKey" of saved object "alert,7442g100-eh71-14ae-9964-c172ubr76566"
Jun 25 07:47:07 kibana[950682]: at getDecryptedRule (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/rule_loader.js:102:19)
Jun 25 07:47:07 kibana[950682]: at /usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:379:24
Jun 25 07:47:07 kibana[950682]: at TaskRunnerTimer.runWithTimer (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner_timer.js:49:20)
Jun 25 07:47:07 kibana[950682]: at TaskRunner.prepareToRun (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:322:12)
Jun 25 07:47:07 kibana[950682]: at TaskRunner.run (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:539:33)
Jun 25 07:47:07 kibana[950682]: at TaskManagerRunner.run (/usr/share/kibana/node_modules/@kbn/task-manager-plugin/server/task_running/task_runner.js:325:22)
[...]
Jun 25 07:47:08 kibana[950682]: [2025-06-25T07:47:08.183+02:00][INFO ][plugins.observabilityAIAssistant.index_assets] Successfully set up index assets
Jun 25 07:47:08 kibana[950682]: [2025-06-25T07:47:08.206+02:00][INFO ][status.plugins.alerting] alerting plugin is now available: Alerting is (probably) ready
Jun 25 07:47:08 kibana[950682]: [2025-06-25T07:47:08.206+02:00][INFO ][status.plugins.fleet] fleet plugin is now available: Fleet is setting up
Jun 25 07:47:08 kibana[950682]: [2025-06-25T07:47:08.207+02:00][INFO ][status.plugins.licensing] licensing plugin is now available: License fetched
Jun 25 07:47:08 kibana[950682]: [2025-06-25T07:47:08.207+02:00][INFO ][status.plugins.taskManager] taskManager plugin is now available: Task Manager is healthy
Jun 25 07:47:08 kibana[950682]: [2025-06-25T07:47:08.286+02:00][INFO ][status] Kibana is now available
[..]
Jun 25 07:47:09 kibana[950682]: [2025-06-25T07:47:09.694+02:00][WARN ][plugins.fleet] Uploaded package needs to be manually reinstalled security_detection_engine. Cannot reinstall an uploaded package
Jun 25 07:47:09 kibana[950682]: [2025-06-25T07:47:09.711+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:09 kibana[950682]: [2025-06-25T07:47:09.713+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 1
Jun 25 07:47:09 kibana[950682]: [2025-06-25T07:47:09.789+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:09 kibana[950682]: [2025-06-25T07:47:09.792+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 2
Jun 25 07:47:11 kibana[950682]: [2025-06-25T07:47:11.404+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:11 kibana[950682]: [2025-06-25T07:47:11.407+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 3
Jun 25 07:47:12 kibana[950682]: [2025-06-25T07:47:12.846+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:12 kibana[950682]: [2025-06-25T07:47:12.847+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 4
Jun 25 07:47:14 kibana[950682]: [2025-06-25T07:47:14.555+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:14 kibana[950682]: [2025-06-25T07:47:14.557+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 5
Jun 25 07:47:17 kibana[950682]: [2025-06-25T07:47:17.010+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:17 kibana[950682]: [2025-06-25T07:47:17.012+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 6
Jun 25 07:47:18 kibana[950682]: [2025-06-25T07:47:18.621+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:18 kibana[950682]: [2025-06-25T07:47:18.623+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 7
Jun 25 07:47:18 kibana[950682]: [2025-06-25T07:47:18.844+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:18 kibana[950682]: [2025-06-25T07:47:18.846+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 8
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.052+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.054+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 9
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.481+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "passphrase" of saved object "fleet-message-signing-keys,87a1e940-ea81-11ee-9734-c100ebb50806": Unsupported state or unable to authenticate data
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.483+02:00][WARN ][plugins.fleet.messageSigningService] failed to get message signing key pair. retrying attempt: 10
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.504+02:00][INFO ][plugins.fleet] Encountered non fatal errors during Fleet setup
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.505+02:00][INFO ][plugins.fleet] {"name":"MessageSigningError","message":"Cannot read existing Message Signing Key pair"}
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.505+02:00][INFO ][plugins.fleet] Fleet setup completed
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.523+02:00][INFO ][plugins.securitySolution] Dependent plugin setup complete
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.523+02:00][INFO ][plugins.securitySolution] Starting ManifestTask
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.541+02:00][INFO ][plugins.securitySolution.endpoint.policyProtectionsComplianceChecks] All relevant features are enabled. Nothing to do!
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.542+02:00][INFO ][plugins.securitySolution.endpoint.agentPolicyFeatures] App feature [endpoint_agent_tamper_protection] is enabled. Nothing to do!
Jun 25 07:47:19 kibana[950682]: [2025-06-25T07:47:19.554+02:00][INFO ][plugins.securitySolution.startupPolicyIndicesChecker] Checking to ensure [0] endpoint policies have backing indices
Jun 25 07:47:20 kibana[950682]: [2025-06-25T07:47:20.534+02:00][ERROR][plugins.fleet] Failed to fetch latest version of synthetics from registry: Error connecting to package registry: request to https://epr.elastic.co/search?package=synthetics&prerelease=true&kibana.version=9.0.1&spec.min=2.3&spec.max=3.3 failed, reason: getaddrinfo ENOTFOUND epr.elastic.co
Jun 25 07:47:20 kibana[950682]: [2025-06-25T07:47:20.539+02:00][INFO ][plugins.synthetics] Installed synthetics index templates
Jun 25 07:47:22 kibana[950682]: [2025-06-25T07:47:22.612+02:00][INFO ][plugins.fleet] Found 0 package policies that need agent policy revision bump
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.133+02:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] outdated task
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.134+02:00][INFO ][plugins.fleet.fleet:delete-unenrolled-agents-task:1.0.0] [runTask()] started
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.138+02:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.139+02:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.139+02:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.139+02:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.148+02:00][INFO ][plugins.securitySolution.endpoint:metadata-check-transforms-task:0.0.1] no endpoint installation found
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.151+02:00][INFO ][plugins.fleet.fleet:delete-unenrolled-agents-task:1.0.0] [DeleteUnenrolledAgentsTask] runTask ended: Delete unenrolled agents is disabled
Jun 25 07:47:24 kibana[950682]: [2025-06-25T07:47:24.162+02:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"inactive":0,"unenrolled":0,"num_host_urls":0},"license_issued_to":"elasticsearch"}
Jun 25 07:47:26 kibana[950682]: [2025-06-25T07:47:26.611+02:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
Jun 25 07:47:27 kibana[950682]: [2025-06-25T07:47:27.125+02:00][INFO ][plugins.fleet.fleet:unenroll-inactive-agents-task:1.0.0] [runTask()] started
Jun 25 07:47:27 kibana[950682]: [2025-06-25T07:47:27.135+02:00][INFO ][plugins.fleet.fleet:unenroll-inactive-agents-task:1.0.0] [UnenrollInactiveAgentsTask] runTask ended: success
Jun 25 07:47:27 kibana[950682]: [2025-06-25T07:47:27.630+02:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] outdated task
Jun 25 07:47:27 kibana[950682]: [2025-06-25T07:47:27.633+02:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
[..]
Jun 25 07:48:07 kibana[950682]: [2025-06-25T07:48:07.323+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "apiKey" of saved object "alert,74874100-eb51-16te-9344-c185obr74106": Unsupported state or unable to authenticate data
Jun 25 07:48:07 kibana[950682]: [2025-06-25T07:48:07.325+02:00][ERROR][plugins.encryptedSavedObjects] Failed to decrypt attribute "apiKey" of saved object "alert,7442g100-eh71-14ae-9964-c172ubr76566": Unsupported state or unable to authenticate data
Jun 25 07:48:07 kibana[950682]: [2025-06-25T07:48:07.530+02:00][ERROR][plugins.alerting.xpack.synthetics.alerts.monitorStatus] Executing Rule default:xpack.synthetics.alerts.monitorStatus:74874100-eb51-16te-9344-c185obr74106 has resulted in Error: Unable to decrypt attribute "apiKey" of saved object "alert,74874100-eb51-16te-9344-c185obr74106" - Error: Unable to decrypt attribute "apiKey" of saved object "alert,74874100-eb51-16te-9344-c185obr74106"
Jun 25 07:48:07 kibana[950682]: at getDecryptedRule (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/rule_loader.js:102:19)
Jun 25 07:48:07 kibana[950682]: at /usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:379:24
Jun 25 07:48:07 kibana[950682]: at TaskRunnerTimer.runWithTimer (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner_timer.js:49:20)
Jun 25 07:48:07 kibana[950682]: at TaskRunner.prepareToRun (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:322:12)
Jun 25 07:48:07 kibana[950682]: at TaskRunner.run (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:539:33)
Jun 25 07:48:07 kibana[950682]: at TaskManagerRunner.run (/usr/share/kibana/node_modules/@kbn/task-manager-plugin/server/task_running/task_runner.js:325:22)
Jun 25 07:48:07 kibana[950682]: [2025-06-25T07:48:07.542+02:00][ERROR][plugins.alerting.xpack.synthetics.alerts.tls] Executing Rule default:xpack.synthetics.alerts.tls:7442g100-eh71-14ae-9964-c172ubr76566 has resulted in Error: Unable to decrypt attribute "apiKey" of saved object "alert,7442g100-eh71-14ae-9964-c172ubr76566" - Error: Unable to decrypt attribute "apiKey" of saved object "alert,7442g100-eh71-14ae-9964-c172ubr76566"
Jun 25 07:48:07 kibana[950682]: at getDecryptedRule (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/rule_loader.js:102:19)
Jun 25 07:48:07 kibana[950682]: at /usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:379:24
Jun 25 07:48:07 kibana[950682]: at TaskRunnerTimer.runWithTimer (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner_timer.js:49:20)
Jun 25 07:48:07 kibana[950682]: at TaskRunner.prepareToRun (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:322:12)
Jun 25 07:48:07 kibana[950682]: at TaskRunner.run (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/task_runner/task_runner.js:539:33)
Jun 25 07:48:07 kibana[950682]: at TaskManagerRunner.run (/usr/share/kibana/node_modules/@kbn/task-manager-plugin/server/task_running/task_runner.js:325:22)
Maybe something related with the apiKey? I have two API keys configured (before settings the Kibana ssl settings)
Yes sure, I also want to secure the connection (indipendently if a private or business project, security goes first), but the settings that I'm configuring inside the Kibana config file, are similiar settings already set inside the nginx.conf file. The NGINX does already do the reverse proxy from an unsecure connection namely HTTP to HTTPS. The nginx configuration file does already contain the path of the ssl cert, key and key passphrase.
For this reason, as I'm using NGINX, configuraring the upon Kibana ssl settings, would secure at a very high level the security of the ELK Stack instance (I mean Kibana ssl + NGINX ssl) or the NGINX reverse proxy does already do what the ssl settings inside the Kibana config file will already do?
Is Kibana with SSL working when you try to connect direct to it, without having Nginx in front of it?
You need to make sure that the SSL configuration in Kibana is working when you connect direct to it, then you can see what you need to configure in Nginx if you still want to use it.
Nginx is not required, you can use just Kibana if you want.
Yes. Locks on these doors are all sort of similar. Stretching the metaphor somewhat, and ignoring a number of nuances, you are asking if it’s ok to leave an internal door semi-open, cos you have a decent lock on the main door. Your call. Let’s hope the bad guys only try to go thru the main door. Personally, I’d likely lock both doors. But I’ve no idea on your internals, and in end it’s your decision to weigh the risks.
No, I stopped the nginx and after restarting only the Kibana service inside the logs I see the same error as before of apiKey:
Failed to decrypt attribute \"apiKey\" of saved object \"alert,74874100-eb51-16te-9344-c185obr74106\": Unsupported state or unable to authenticate data
Could be something related to the API key? In my instance I have already created two API keys, maybe need to be removed and recreated it, after activating the ssl feature inside the Kibana config file?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
