Kibana's configuration documentation mentions the non-existent xpack.security.enabled property

[linghengqian]

• I came from https://discuss.elastic.co/t/why-is-the-non-existent-xpack-security-enabled-mentioned-in-kibanas-configuration-documentation/366131?u=linghengqian , in order to avoid the original discussion being closed due to no reply for 28 days, I opened the current github issue.
• See https://www.elastic.co/guide/en/elasticsearch/reference/current/run-elasticsearch-locally.html#local-dev-run-kib .

Start the Kibana container with the following command:

docker run -p 127.0.0.1:5601:5601 -d --name kibana --network elastic-net \
  -e ELASTICSEARCH_URL=http://elasticsearch:9200 \
  -e ELASTICSEARCH_HOSTS=http://elasticsearch:9200 \
  -e ELASTICSEARCH_USERNAME=kibana_system \
  -e ELASTICSEARCH_PASSWORD=$KIBANA_PASSWORD \
  -e "xpack.security.enabled=false" \
  -e "xpack.license.self_generated.type=trial" \
  docker.elastic.co/kibana/kibana:8.15.0

• But the problem is, xpack.security.enabled is not declared in https://www.elastic.co/guide/en/kibana/current/settings.html .
• According to https://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-beta1.html#platform-breaking-changes-8.0.0-beta1 and Remove deprecated xpack.security.enabled config option #111681 , the xpack.security.enabled property has been removed.
• So what does setting xpack.security.enabled to false do in the Kibana container?

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[SiddharthMantri]

Hi @linghengqian! The -e flag in the docker command is adding the xpack.security.enabled=false flag to the container environment. From here, it's not being passed to the Kibana config which means its just an unused environment variable in the container at which point it'll do nothing and the docker container doesn't have any logic (afaict) to warn about unknown env variables.

[linghengqian]

Hi @linghengqian! The -e flag in the docker command is adding the xpack.security.enabled=false flag to the container environment. From here, it's not being passed to the Kibana config which means its just an unused environment variable in the container at which point it'll do nothing and the docker container doesn't have any logic (afaict) to warn about unknown env variables.

• From this perspective, should the documentation at https://github.com/elastic/elasticsearch/tree/main be updated? I'm not sure if this issue should be moved to another git.
• 

[linghengqian]

• I have noticed https://discuss.elastic.co/t/why-is-the-non-existent-xpack-security-enabled-mentioned-in-kibanas-configuration-documentation/366131/3?u=linghengqian . [docs] Remove xpack.security.enabled Kibana reference elasticsearch#113894 should be able to close the current issue? But the issue and PR don't seem to be connected.

[SiddharthMantri]

But the issue and PR don't seem to be connected.

Which issue do you refer to?

[linghengqian]

But the issue and PR don't seem to be connected.

Which issue do you refer to?

• The current issue I am referring to is Kibana's configuration documentation mentions the non-existent xpack.security.enabled property #194243 .

[linghengqian]

• https://www.elastic.co/guide/en/elasticsearch/reference/current/run-elasticsearch-locally.html has been updated to use https://github.com/elastic/start-local , should the current issue be closed?

[SiddharthMantri]

@linghengqian Yes, let's close this one. Thank you!