Recent work introduced me to some challenges in putting Kibana dashboards into applications in a secure manner. Hence I am writing up a quick post on setting it up securely.
Enable X-pack Security
Create credentials for internal communication of Elastic stack:
Random passwords will be created for you:
    Changed password for user apm_system
    PASSWORD apm_system = some-random-password
    Changed password for user kibana_system
    PASSWORD kibana_system = some-random-password
    Changed password for user kibana
    PASSWORD kibana = some-random-password
    Changed password for user logstash_system
    PASSWORD logstash_system = some-random-password
    Changed password for user beats_system
    PASSWORD beats_system = some-random-password
    Changed password for user remote_monitoring_user
    PASSWORD remote_monitoring_user = some-random-password
    Changed password for user elastic
    PASSWORD elastic = some-random-password
    elasticsearch.username: "kibana"
    elasticsearch.password: "<password-generated>"
Create encryption keys for your Kibana:
Then update your kibana.yml using the keys given in the previous step:
    xpack.encryptedSavedObjects.encryptionKey: some-random-key
    xpack.reporting.encryptionKey: some-random-key
    xpack.security.encryptionKey: some-random-key
    xpack.reporting.capture.browser.chromium.disableSandbox: true
Then start your Kibana.
Now you will be prompted to enter a username and password. Use the elastic user from the steps above.
Once you are logged in, go to Stack Management.
Create a new role named as
- Give privileges on the indices you want to expose to the public.
- Create a Kibana privilege as well, by adding a new one. Choose the target space (I used Default). Then, under feature privileges, grant read-only access to Dashboard and Visualize Library.
Once you are done, go create a new user, assign the role as
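The role described above can also be written as the body of Kibana's role API and checked before it is bound to the anonymous user. This is an added example, not code from the original post; the role name, the index pattern and the feature IDs `dashboard` and `visualize` are assumptions.

```python
import json

# Hypothetical values: the post gives neither the role name nor the index pattern.
ROLE_NAME = "anon-dashboard-readonly"
ALLOWED_INDEX_PRIVS = {"read", "view_index_metadata"}
# Assumed Kibana feature IDs for Dashboard and Visualize Library.
ALLOWED_FEATURES = {"dashboard", "visualize"}


def build_role(index_patterns, space="default"):
    """Body for PUT /api/security/role/<ROLE_NAME>: read-only everywhere."""
    return {
        "elasticsearch": {
            "cluster": [],
            "indices": [{"names": list(index_patterns), "privileges": ["read"]}],
        },
        "kibana": [{
            "base": [],
            "feature": {f: ["read"] for f in sorted(ALLOWED_FEATURES)},
            "spaces": [space],
        }],
    }


def audit_role(role):
    """List every grant that goes beyond read-only dashboard viewing."""
    findings = []
    es = role.get("elasticsearch", {})
    if es.get("cluster"):
        findings.append(f"cluster privileges granted: {es['cluster']}")
    for entry in es.get("indices", []):
        extra = set(entry.get("privileges", [])) - ALLOWED_INDEX_PRIVS
        if extra:
            findings.append(f"index privileges {sorted(extra)} on {entry.get('names')}")
        if "*" in entry.get("names", []):
            findings.append("index pattern '*' exposes every index")
    for grant in role.get("kibana", []):
        if grant.get("base"):
            findings.append(f"base privileges {grant['base']} cover all features")
        for feature, privs in grant.get("feature", {}).items():
            if feature not in ALLOWED_FEATURES or set(privs) - {"read"}:
                findings.append(f"feature '{feature}' grants {privs}")
    return findings


if __name__ == "__main__":
    role = build_role(["public-metrics-*"])  # constructed index pattern
    print(json.dumps({ROLE_NAME: role}, indent=2))
    print(audit_role(role) or "role is read-only")
```

Running `audit_role` over a role exported from an existing cluster shows whether the account behind the public URL can do more than view dashboards.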
Then, back in kibana.yml, append the following config:
    xpack.security.authc.providers:
      anonymous.anonymous1:
        order: 0
        session:
          idleTimeout: 1Y
        credentials:
          username: "anon"
          password: "SomeStrongPasswordIGuess"
      basic.basic1:
        order: 1
Then restart your Kibana.
By now, you should have a public URL for your dashboard and be able to embed the dashboard in any of your applications.