Kibana.yml elasticsearch username and password

misiakj · May 8, 2019, 5:05pm

I’m setting up OpenDistro Kibana and Elasticsearch, but my Config files/Code will be in a company wide code repository.

Because of this I don’t want plaintext (or even hashed) username/password combos in our config files.

The kibana.yml file requires the following be set for Kibana to access ES

elasticsearch.username: “admin”
elasticsearch.password: “admin”

Is there a way to modify this to allow a cert file?

Hugo · May 8, 2019, 7:17pm

rt711 · May 9, 2019, 9:05pm

Use configuration management tool to encrypt the password. AES-256 encrypted data can be stored in repository.

With Ansible the variables are encrypted with vault, and I’m pretty sure encryption can be applied with Chef databags or Puppet Hiera.
I already implemented encrypted passwords feature here: GitHub - rt711/opendistro-for-elasticsearch-ansible: OpenDistro for ElasticSearch Ansible deployment

Topic		Replies	Views
Elasticsearch-keystore for opendistro config.yml Security	2	2751	May 5, 2021
Kibana Server authentication overrides Kibana USER authentication Security	5	928	July 12, 2022
OpenDistro Kibana Login Allowing any login Security	9	5674	May 27, 2020
How can I send logs to elasticsearch without username and password. But with enabled security plugin Security	7	1652	August 25, 2021
Variables for production environment Open Source Elasticsearch and Kibana	1	544	June 15, 2020