DEV Community

Cover image for Setting up Anonymous User to Embed Kibana Dashboard to Your Application
Nasrul Hazim Bin Mohamad
Nasrul Hazim Bin Mohamad

Posted on

Setting up Anonymous User to Embed Kibana Dashboard to Your Application

Recent works let introduce me some challenges in putting Kibana Dashboard into applications, in secured manner. Hence writing up a quick post for setting it up securely.

Elasticsearch

Enable X-pack Security

xpack.security.enabled: true
Enter fullscreen mode Exit fullscreen mode

Create credentials for internal communication of Elastic stack:

/usr/share/elasticsearch/bin/elasticsearch-setup-password auto
Enter fullscreen mode Exit fullscreen mode

Random passwords will be created for you:

Changed password for user apm_system
PASSWORD apm_system = some-random-password

Changed password for user kibana_system
PASSWORD kibana_system = some-random-password

Changed password for user kibana
PASSWORD kibana = some-random-password

Changed password for user logstash_system
PASSWORD logstash_system = some-random-password

Changed password for user beats_system
PASSWORD beats_system = some-random-password

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = some-random-password

Changed password for user elastic
PASSWORD elastic = some-random-password
Enter fullscreen mode Exit fullscreen mode

Kibana

Configure your kibana.yml:

elasticsearch.username: "kibana"
elasticsearch.password: "<password-generated>"
Enter fullscreen mode Exit fullscreen mode

Create encryption keys for your Kibana:

/usr/share/kibana/bin/kibana-encryption-keys generate
Enter fullscreen mode Exit fullscreen mode

Then update your kibana.yml using the keys given in previous step:

xpack.encryptedSavedObjects.encryptionKey: some-random-key
xpack.reporting.encryptionKey: some-random-key
xpack.security.encryptionKey: some-random-key
xpack.reporting.capture.browser.chromium.disableSandbox: true
Enter fullscreen mode Exit fullscreen mode

Then start your Kibana.

Now, you will prompt to enter username and password - use the elastic user in above steps.

Once you are logged in, go to Stack Management.

Create a new role named as embed_dashboard. Then:

  1. Give privileges to indices you want to expose to public.
  2. Create a kibana privilege as well, by Add a new one. Choose targeted space - i used Default. Then in feature privilege, grant access to read only for Dashboard and Visualise Library.

Now save.

Once you are done, go create a new user, assign the role as embed_dashboard role.

Then, back to kibana.yml, append the config as following:

xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    session:
      idleTimeout: 1Y
    credentials:
       username: "anon"
       password: "SomeStrongPasswordIGuess"
  basic.basic1:
    order: 1
Enter fullscreen mode Exit fullscreen mode

Then restart your Kibana.

By now, you should be able to have a Public URL for your dashboard and be able to embed the dashboard in any of your applications.

Photo by Chris Liverani on Unsplash

Discussion (0)