WARNING: Version 6.0 of Kibana has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Security Settings in Kibana
You do not need to configure any additional settings to use X-Pack security in Kibana. It is enabled by default.
General Security Settings
xpack.security.enabled
- Set to true (default) to enable X-Pack security.
  If set to false in kibana.yml, the user and role management options are hidden in this Kibana instance. If xpack.security.enabled is set to true in elasticsearch.yml, however, you can still use the X-Pack security APIs. To disable X-Pack security entirely, see the Elasticsearch Security Settings.
User Interface Security Settings
You can configure the following settings in the kibana.yml file:
xpack.security.cookieName
- Sets the name of the cookie used for the session. The default value is "sid".
xpack.security.encryptionKey
- An arbitrary string of 32 characters or more that is used to encrypt credentials in a cookie. It is crucial that this key is not exposed to users of Kibana. By default, a value is automatically generated in memory. If you use that default behavior, all sessions are invalidated when Kibana restarts.
xpack.security.secureCookies
- Sets the secure flag of the session cookie. The default value is false. It is set to true if server.ssl.certificate and server.ssl.key are set. Set this to true if SSL is configured outside of Kibana (for example, you are routing requests through a load balancer or proxy).
xpack.security.sessionTimeout
- Sets the session duration (in milliseconds). By default, sessions stay active until the browser is closed.
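
The defaults and requirements listed above can be checked mechanically. The following Python audit of a kibana.yml is an added example, not part of the Kibana documentation or Elastic's code. It assumes the file uses flat dotted keys; the sample files, the placeholder key, and the function names parse_flat_yaml and audit are constructed for illustration.

```python
# Added example, not Elastic's code. Assumes kibana.yml uses flat dotted keys
# ("a.b.c: value"), not nested YAML mappings.

WEAK = '''# constructed sample
server.port: 5601
xpack.security.encryptionKey: "short-key"
'''
HARDENED = '''# constructed sample; the key is a placeholder, not a real secret
xpack.security.encryptionKey: "REPLACE_WITH_32_OR_MORE_RANDOM_CHARS"
xpack.security.secureCookies: true      # TLS terminated at a proxy
xpack.security.sessionTimeout: 1800000  # 30 minutes, in milliseconds
'''

def parse_flat_yaml(text):
    """Return {key: value} for flat 'key: value' lines, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value[:1] in ("'", '"'):   # quoted scalar: keep text up to the closing quote
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:                          # plain scalar: drop a trailing comment
            value = value.split(" #", 1)[0].strip()
        settings[key.strip()] = value
    return settings

def audit(settings):
    """Return (setting, finding) pairs based on the defaults documented above."""
    findings = []
    if settings.get("xpack.security.enabled", "true").lower() == "false":
        findings.append(("enabled", "user and role management options are hidden"))
    key = settings.get("xpack.security.encryptionKey")
    if key is None:
        findings.append(("encryptionKey", "generated in memory; restart invalidates sessions"))
    elif len(key) < 32:
        findings.append(("encryptionKey", "shorter than 32 characters"))
    tls_in_kibana = all(settings.get(k) for k in ("server.ssl.certificate", "server.ssl.key"))
    explicit = settings.get("xpack.security.secureCookies", "false").lower() == "true"
    if not (explicit or tls_in_kibana):
        findings.append(("secureCookies", "session cookie is set without the secure flag"))
    if "xpack.security.sessionTimeout" not in settings:
        findings.append(("sessionTimeout", "sessions last until the browser is closed"))
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(parse_flat_yaml(text)))
```

A secureCookies finding matters only when users reach Kibana over HTTPS terminated elsewhere; with server.ssl.certificate and server.ssl.key both set, the check treats the flag as already on.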