Add default Elasticsearch credentials to docs #72617
Conversation
💚 Build Succeeded
Expand to view the summary
Build stats
|
sorenlouv
added
release_note:plugin_api_changes
| @@ -13,7 +13,7 @@ This will run a snapshot of {es} that is usually built nightly. Read more about | |||
| ---- | |||
| yarn es snapshot | |||
| ---- | |||
|
|
|||
| The default credentials are `elastic:changeme` (superuser) and `kibana_system:changeme` when connecting from Kibana. | |||
There was a problem hiding this comment.
I think some additional context could be helpful about the difference between the two and when to use which.
| The default credentials are `elastic:changeme` (superuser) and `kibana_system:changeme` when connecting from Kibana. | |
| By default, two users are added to Elasticsearch: | |
| - A superuser with username: `elastic` and password: `changeme`, which can be used to log into Kibana with. | |
| - A user with username: `kibana_system` and password `changeme`. This is what the Kibana system uses to access certain capabilities, even when the logged in user lacks access. These credentials aren't meant to be used by a real user. They can be configured via the kibana.yml file. Read more: <<using-kibana-with-security>>. |
@legrego - is what I wrote accurate?
Just a suggestion!
There was a problem hiding this comment.
It's true enough for now, but we do want to change this in the future: #52036
Running with the elastic user makes it too easy for engineers to develop features which require privileges they aren't aware of, thereby reducing the utility of Feature Controls. Requiring privileges beyond what the Kibana Privilege model permits also leads to frustrating defects, and an even more frustrating user experience.
Ideally, we want to get to a place where we provision feature-specific users and roles for engineers to use on startup, but we aren't there yet.
A user with username:
kibana_systemand passwordchangeme. This is what the Kibana system uses to access certain capabilities, even when the logged in user lacks access. These credentials aren't meant to be used by a real user. They can be configured via the kibana.yml file. Read more: <>.
I'd maybe go with something more direct. What do you think about:
A user with username:
kibana_systemand passwordchangeme. This account is used by the Kibana server to authenticate itself to Elasticsearch, and to perform certain actions on behalf of the end user. These credentials should be specified in yourkibana.ymlas described in <<using-kibana-with-security>>
There was a problem hiding this comment.
Thanks for the suggestions both! Which suggestion should I go with? :)
There was a problem hiding this comment.
The text "A user with username: kibana_system and password changeme." seems like it's missing something. Shouldn't it be "A user with username: kibana_system and password changeme exists" or "The credentials for connecting to Elasticsearch with Kibana are kibana_system / changeme"
There was a problem hiding this comment.
I think it makes sense grammatically because it's a bullet point following the top sentence.
By default, two users are added to Elasticsearch:
- A superuser.
- A Kibana system user.
Larry's suggestion was just to change the text of the second bullet point (I believe anyway).
By default, two users are added to Elasticsearch:
- A superuser with username: `elastic` and password: `changeme`, which can be used to log into Kibana with.
- A user with username: `kibana_system` and password `changeme`. This account is used by the Kibana server to authenticate itself to Elasticsearch, and to perform certain actions on behalf of the end user. These credentials should be specified in your kibana.yml as described in <<using-kibana-with-security>>
There was a problem hiding this comment.
Ahh, now it clicks. Thank you! :)
* master: (111 commits) Remove flaky note from gauge tests (elastic#73240) Convert functional vega tests to ts and unskip tests (elastic#72238) [Graph] Unskip graph tests (elastic#72291) Add default Elasticsearch credentials to docs (elastic#72617) [APM] Read body from indicesStats in upload-telemetry-data (elastic#72732) The directory in the command was missing the /generated directory and would cause all definitions to be regenerated in the wrong place. (elastic#72766) [KP] use new ES client in SO service (elastic#72289) [Security Solution][Exceptions] Prevents value list entries from co-existing with non value list entries (elastic#72995) Return EUI CSS to Shareable Runtime (elastic#72990) Removed useless karma test (elastic#73190) [INGEST_MANAGER] Make package config name blank for endpoint on Package Config create (elastic#73082) [Ingest Manager] Support DEGRADED state in fleet agent event (elastic#73104) [Security Solution][Detections] Change detections breadcrumb title (elastic#73059) [ML] Fixing unnecessary deleting job polling (elastic#73087) [ML] Fixing recognizer wizard create job button (elastic#73025) [Composable template] Preview composite template (elastic#72598) [Uptime] Use manual intervals for ping histogram (elastic#72928) [Security Solution][Endpoint] Task/policy save modal text change, remove duplicate policy details text (elastic#73130) [Maps] fix tile layer attibution text and attribution link validation errors (elastic#73160) skip ingest pipeline api tests ...
sorenlouv
added
release_note:skip
There are currently no credentials to be found in the contributor docs making it harder to get started.