IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Security Settings in Kibana
You do not need to configure any additional settings to use X-Pack security in Kibana. It is enabled by default.
General Security Settings
xpack.security.enabled
- Set to true (default) to enable X-Pack security. If set to false in kibana.yml, the user and role management options are hidden in this Kibana instance. If xpack.security.enabled is set to true in elasticsearch.yml, however, you can still use the X-Pack security APIs. To disable X-Pack security entirely, see the Elasticsearch Security Settings.
User Interface Security Settings
You can configure the following settings in the kibana.yml file:
xpack.security.cookieName
- Sets the name of the cookie used for the session. The default value is "sid".
xpack.security.encryptionKey
- An arbitrary string of 32 characters or more that is used to encrypt credentials in a cookie. It is crucial that this key is not exposed to users of Kibana. By default, a value is automatically generated in memory. If you use that default behavior, all sessions are invalidated when Kibana restarts.
xpack.security.secureCookies
- Sets the secure flag of the session cookie. The default value is false. It is set to true if server.ssl.certificate and server.ssl.key are set. Set this to true if SSL is configured outside of Kibana (for example, you are routing requests through a load balancer or proxy).
xpack.security.sessionTimeout
- Sets the session duration (in milliseconds). By default, sessions stay active until the browser is closed.
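The settings above can be checked mechanically before a deployment. The following is an added example, not part of the Elastic documentation or of Kibana itself: a small audit of a kibana.yml that flags the session defaults described on this page. The function names, the sample files and the placeholder key are constructed, and the parser assumes flat dotted keys only.

```python
import re

# Flat "dotted.key: value" lines only; comment lines never match. Nested YAML
# and inline comments are not handled (simplifying assumption of this example).
_LINE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*:\s*(\S.*?)\s*$")

def parse_flat(text):
    """Return {setting: value} with surrounding quotes stripped."""
    found = (_LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip("\"'") for m in found if m}

def audit(text):
    """Return (setting, finding) pairs for the session settings on this page."""
    s, out = parse_flat(text), []
    key = s.get("xpack.security.encryptionKey")
    if key is None:
        out.append(("xpack.security.encryptionKey",
                    "unset: key is generated in memory, sessions end on restart"))
    elif len(key) < 32:
        out.append(("xpack.security.encryptionKey", "shorter than 32 characters"))
    # Per the page, the secure flag is turned on when Kibana itself has TLS set.
    tls_in_kibana = "server.ssl.certificate" in s and "server.ssl.key" in s
    explicit = s.get("xpack.security.secureCookies", "false").lower() == "true"
    if not (tls_in_kibana or explicit):
        out.append(("xpack.security.secureCookies",
                    "session cookie lacks the secure flag; set true if SSL "
                    "is configured at a proxy or load balancer"))
    timeout = s.get("xpack.security.sessionTimeout")
    if timeout is None:
        out.append(("xpack.security.sessionTimeout",
                    "unset: sessions stay active until the browser is closed"))
    elif not timeout.isdigit():
        out.append(("xpack.security.sessionTimeout",
                    "expected a number of milliseconds"))
    return out

# Constructed sample files (not from any real deployment).
WEAK = 'server.port: 5601\nxpack.security.encryptionKey: "shortkey"\n'
HARDENED = (
    'xpack.security.encryptionKey: "CONSTRUCTED-PLACEHOLDER-KEY-0123456789abcdef"\n'
    "xpack.security.secureCookies: true\n"
    "xpack.security.sessionTimeout: 1800000\n"
)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```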