diff --git a/docs/orchestrating-elastic-stack-applications/kibana.asciidoc b/docs/orchestrating-elastic-stack-applications/kibana.asciidoc index 77d01aa739..ddd733c368 100644 --- a/docs/orchestrating-elastic-stack-applications/kibana.asciidoc +++ b/docs/orchestrating-elastic-stack-applications/kibana.asciidoc @@ -206,6 +206,18 @@ To deploy more than one instance of Kibana, all the instances must share a same * `xpack.reporting.encryptionKey` * `xpack.encryptedSavedObjects.encryptionKey` +[TIP] +==== +If you need to access these encryption keys, you can find them using the `kubectl get secrets` command. + +The secret is named after the corresponding Kibana instance. For example, for a Kibana named `my-kibana`, you can run the following command to retrieve the current encryption keys: + +[source,shell,subs="attributes"] +---- +kubectl get secret my-kibana-kb-config -o jsonpath='{ .data.kibana\.yml }' | base64 --decode | grep -A1 encryptedSavedObjects +---- +==== + You can provide your own encryption keys using a secure setting, as described in <<{p}-kibana-secure-settings,Secure settings>>. NOTE: While most reconfigurations of your Kibana instances are carried out in rolling upgrade fashion, all version upgrades will cause Kibana downtime. This happens because you can only run a single version of Kibana at any given time. For more information, check link:https://www.elastic.co/guide/en/kibana/current/upgrade.html[Upgrade Kibana].