From df69825e5affc2dacf0ef45e8545f24ce18798ae Mon Sep 17 00:00:00 2001 From: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com> Date: Mon, 28 Oct 2024 12:40:17 -0400 Subject: [PATCH] [docs] Add note on how to access generated Kibana encryptionKeys (#8150) This updates the Advanced configuration page with a tip about how to access the operator-generated encryption keys. --------- Co-authored-by: Stef Nestor <26751266+stefnestor@users.noreply.github.com> Co-authored-by: Peter Brachwitz Co-authored-by: Thibault Richard --- .../kibana.asciidoc | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/orchestrating-elastic-stack-applications/kibana.asciidoc b/docs/orchestrating-elastic-stack-applications/kibana.asciidoc index 77d01aa739..ddd733c368 100644 --- a/docs/orchestrating-elastic-stack-applications/kibana.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/kibana.asciidoc @@ -206,6 +206,18 @@ To deploy more than one instance of Kibana, all the instances must share a same * `xpack.reporting.encryptionKey` * `xpack.encryptedSavedObjects.encryptionKey` +[TIP] +==== +If you need to access these encryption keys, you can find them using the `kubectl get secrets` command. + +The secret is named after the corresponding Kibana instance. For example, for a Kibana named `my-kibana`, you can run the following command to retrieve the current encryption keys: + +[source,shell,subs="attributes"] +---- +kubectl get secret my-kibana-kb-config -o jsonpath='{ .data.kibana\.yml }' | base64 --decode | grep -A1 encryptedSavedObjects +---- +==== + You can provide your own encryption keys using a secure setting, as described in <<{p}-kibana-secure-settings,Secure settings>>. NOTE: While most reconfigurations of your Kibana instances are carried out in rolling upgrade fashion, all version upgrades will cause Kibana downtime. This happens because you can only run a single version of Kibana at any given time. For more information, check link:https://www.elastic.co/guide/en/kibana/current/upgrade.html[Upgrade Kibana].