3ba268d8a5
* Formats settings into tables * Formatting * Formatting
95 lines
3.1 KiB
Plaintext
95 lines
3.1 KiB
Plaintext
[role="xpack"]
|
|
[[security-settings-kb]]
|
|
=== Security settings in Kibana
|
|
++++
|
|
<titleabbrev>Security settings</titleabbrev>
|
|
++++
|
|
|
|
You do not need to configure any additional settings to use the
|
|
{security-features} in {kib}. They are enabled by default.
|
|
|
|
[float]
|
|
[[general-security-settings]]
|
|
==== General security settings
|
|
|
|
[cols="2*<"]
|
|
|===
|
|
| `xpack.security.enabled`
|
|
| By default, {kib} automatically detects whether to enable the
|
|
{security-features} based on the license and whether {es} {security-features}
|
|
are enabled. +
|
|
+
|
|
Do not set this to `false`; it disables the login form, user and role management
|
|
screens, and authorization using <<kibana-privileges>>. To disable
|
|
{security-features} entirely, see
|
|
{ref}/security-settings.html[{es} security settings].
|
|
|
|
| `xpack.security.audit.enabled`
|
|
| Set to `true` to enable audit logging for security events. By default, it is set
|
|
to `false`. For more details see <<xpack-security-audit-logging>>.
|
|
|
|
|===
|
|
|
|
[float]
|
|
[[security-ui-settings]]
|
|
==== User interface security settings
|
|
|
|
You can configure the following settings in the `kibana.yml` file.
|
|
|
|
[cols="2*<"]
|
|
|===
|
|
| `xpack.security.cookieName`
|
|
| Sets the name of the cookie used for the session. The default value is `"sid"`.
|
|
|
|
| `xpack.security.encryptionKey`
|
|
| An arbitrary string of 32 characters or more that is used to encrypt credentials
|
|
in a cookie. It is crucial that this key is not exposed to users of {kib}. By
|
|
default, a value is automatically generated in memory. If you use that default
|
|
behavior, all sessions are invalidated when {kib} restarts.
|
|
In addition, high-availability deployments of {kib} will behave unexpectedly
|
|
if this setting isn't the same for all instances of {kib}.
|
|
|
|
| `xpack.security.secureCookies`
|
|
| Sets the `secure` flag of the session cookie. The default value is `false`. It
|
|
is automatically set to `true` if `server.ssl.enabled` is set to `true`. Set
|
|
this to `true` if SSL is configured outside of {kib} (for example, you are
|
|
routing requests through a load balancer or proxy).
|
|
|
|
| `xpack.security.session.idleTimeout`
|
|
| Sets the session duration. By default, sessions stay active until the
|
|
browser is closed. When this is set to an explicit idle timeout, closing the
|
|
browser still requires the user to log back in to {kib}.
|
|
|
|
|===
|
|
|
|
[TIP]
|
|
============
|
|
The format is a string of `<count>[ms|s|m|h|d|w|M|Y]`
|
|
(e.g. '70ms', '5s', '3d', '1Y').
|
|
============
|
|
|
|
[cols="2*<"]
|
|
|===
|
|
|
|
| `xpack.security.session.lifespan`
|
|
| Sets the maximum duration, also known as "absolute timeout". By default,
|
|
a session can be renewed indefinitely. When this value is set, a session will end
|
|
once its lifespan is exceeded, even if the user is not idle. NOTE: if `idleTimeout`
|
|
is not set, this setting will still cause sessions to expire.
|
|
|
|
|===
|
|
|
|
[TIP]
|
|
============
|
|
The format is a
|
|
string of `<count>[ms|s|m|h|d|w|M|Y]` (e.g. '70ms', '5s', '3d', '1Y').
|
|
============
|
|
|
|
[cols="2*<"]
|
|
|===
|
|
|
|
| `xpack.security.loginAssistanceMessage`
|
|
| Adds a message to the login screen. Useful for displaying information about maintenance windows, links to corporate sign up pages etc.
|
|
|
|
|===
|