This repository has been archived by the owner on Mar 15, 2021. It is now read-only.

94 lines (74 loc) · 3.06 KB

security-settings.asciidoc


Security settings in {kib}

Security settings

You do not need to configure any additional settings to use the {security-features} in {kib}. They are enabled by default.

General security settings

xpack.security.enabled

By default, {kib} automatically detects whether to enable the {security-features} based on the license and whether {es} {security-features} are enabled.

Do not set this to false; it disables the login form, user and role management screens, and authorization using [kibana-privileges]. To disable {security-features} entirely, see {ref}/security-settings.html[{es} security settings].

xpack.security.audit.enabled

Set to true to enable audit logging for security events. By default, it is set to false. For more details, see [xpack-security-audit-logging].

User interface security settings

You can configure the following settings in the kibana.yml file.

xpack.security.cookieName

Sets the name of the cookie used for the session. The default value is "sid".

xpack.security.encryptionKey

An arbitrary string of 32 characters or more that is used to encrypt credentials in a cookie. It is crucial that this key is not exposed to users of {kib}. By default, a value is automatically generated in memory. If you use that default behavior, all sessions are invalidated when {kib} restarts. In addition, high-availability deployments of {kib} will behave unexpectedly if this setting isn’t the same for all instances of {kib}.

xpack.security.secureCookies

Sets the secure flag of the session cookie. The default value is false. It is automatically set to true if server.ssl.enabled is set to true. Set this to true if SSL is configured outside of {kib} (for example, you are routing requests through a load balancer or proxy).

xpack.security.session.idleTimeout

Sets the session duration. By default, sessions stay active until the browser is closed. When this is set to an explicit idle timeout, closing the browser still requires the user to log back in to {kib}.

Tip

The format is a string of <count>[ms|s|m|h|d|w|M|Y] (e.g. '70ms', '5s', '3d', '1Y').

xpack.security.session.lifespan

Sets the maximum duration, also known as "absolute timeout". By default, a session can be renewed indefinitely. When this value is set, a session will end once its lifespan is exceeded, even if the user is not idle. NOTE: if idleTimeout is not set, this setting will still cause sessions to expire.

Tip

The format is a string of <count>[ms|s|m|h|d|w|M|Y] (e.g. '70ms', '5s', '3d', '1Y').

xpack.security.loginAssistanceMessage

Adds a message to the login screen. Useful for displaying information about maintenance windows, links to corporate sign-up pages, and so on.
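The following checker is an added example, not part of the original documentation or of the Kibana project. It audits the cookie and session settings described above across several instances; it assumes flat dotted keys in kibana.yml, and the function names, instance names, and sample configs are constructed for illustration.

```python
import re

# Duration format stated on the page: <count>[ms|s|m|h|d|w|M|Y]
DURATION = re.compile(r"^\d+(ms|s|m|h|d|w|M|Y)$")

def parse_flat(text):
    """Parse flat 'dotted.key: value' lines (assumed layout; nested YAML is not handled)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        cfg[key.strip()] = value.strip().strip("'\"")
    return cfg

def audit(instances):
    """instances: {name: kibana.yml text}. Returns a sorted list of findings."""
    findings, keys = [], set()
    for name, text in instances.items():
        cfg = parse_flat(text)
        key = cfg.get("xpack.security.encryptionKey")
        keys.add(key)
        if key is None:
            findings.append(f"{name}: encryptionKey unset, sessions are invalidated on restart")
        elif len(key) < 32:
            findings.append(f"{name}: encryptionKey is shorter than 32 characters")
        tls = cfg.get("server.ssl.enabled") == "true"
        if not tls and cfg.get("xpack.security.secureCookies") != "true":
            findings.append(f"{name}: secureCookies is false; set it to true if SSL ends at a proxy")
        for opt in ("idleTimeout", "lifespan"):
            val = cfg.get(f"xpack.security.session.{opt}")
            if val is None:
                findings.append(f"{name}: session.{opt} unset, default applies")
            elif not DURATION.match(val):
                findings.append(f"{name}: session.{opt} '{val}' is not <count><unit>")
    if len(instances) > 1 and len(keys) > 1:
        findings.append("encryptionKey differs between instances")
    return sorted(findings)

# Constructed sample configs for two instances behind a load balancer.
SAMPLE = {
    "kibana-a": 'xpack.security.encryptionKey: "constructed-sample-key-0123456789abcdef"\n'
                "xpack.security.secureCookies: true\n"
                'xpack.security.session.idleTimeout: "30m"\n'
                'xpack.security.session.lifespan: "8h"\n',
    "kibana-b": 'xpack.security.encryptionKey: "short-key"\n'
                'xpack.security.session.idleTimeout: "30 minutes"\n',
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```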