Skip to content

Generate Kibana encryption keys on startup#18

Open
smith wants to merge 2 commits into
mainfrom
feat/generate-kibana-encryption-keys
Open

Generate Kibana encryption keys on startup#18
smith wants to merge 2 commits into
mainfrom
feat/generate-kibana-encryption-keys

Conversation

@smith

@smith smith commented Feb 18, 2026

Copy link
Copy Markdown
Owner

Summary

  • Removes hardcoded encryption keys from config/kibana.yml
  • Adds scripts/generate-kibana-keys.sh that generates three 32-character hex keys on first run
  • Adds setup_kibana_keys service that runs before Kibana starts
  • Generated keys persist on the etc Docker volume across restarts
  • Kibana merges base config with generated keys at startup via command override

Closes #6

Test plan

  • docker compose down -v && docker compose up — verify Kibana starts successfully
  • docker compose logs setup_kibana_keys — should show "Kibana encryption keys generated"
  • docker compose restart kibana — should reuse existing keys (no regeneration)
  • Verify encrypted saved objects work (e.g., create an alert rule)

🤖 Generated with Claude Code

smith and others added 2 commits February 18, 2026 11:15
Replaces hardcoded encryption keys with dynamically generated ones.
A new setup_kibana_keys service generates three 32-char hex keys on
first run and persists them on the etc volume. Kibana merges the
generated keys into its config at startup.

Closes #6

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace `cat /dev/urandom | tr | head` pipeline with `dd | xxd`
to avoid SIGPIPE exit code 141 when used with `set -eo pipefail`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Generate Kibana encryption keys

1 participant