Support new SSL secrets fields #4470
Labels
Team:Elastic-Agent-Control-Plane
Label for the Agent Control Plane team
Comments
3 tasks
kpollich
added
Team:Elastic-Agent-Control-Plane
criamico
added a commit
to elastic/kibana
that referenced
this issue
Mar 3, 2025
Fixes #207322 ## Summary Show SSL options for fleet server host in Fleet server settings section and in add fleet server host flyout - Registered fleet server host as a encrypted save object and the new mappings added under `ssl` property, mirroring what's already existing for `logstash` and `kafka` outputs - The new options are displayed in the UI, both when adding a new fleet server host from the flyout and when editing an existing one. - The values are then added to the full agent policy - The values for `ssh.key` and `ssh.es_key` can additionally be saved as secrets but for now this option is not enabled until [fleet server supports it](elastic/fleet-server#4470) - I used the feature flag `enableSSLSecrets` <details> <summary>Screenshots</summary> <img width="803" alt="Screenshot 2025-02-14 at 10 23 41" src="https://github.com/user-attachments/assets/e1bf8c93-e8c0-4351-b86b-a7f8a8b0ec72" /> <img width="801" alt="Screenshot 2025-02-14 at 10 23 36" src="https://github.com/user-attachments/assets/f96d2a5c-0285-41d1-953b-e662ccdcd514" /> <img width="780" alt="Screenshot 2025-02-04 at 14 34 52" src="https://github.com/user-attachments/assets/e854fc28-d4aa-4b01-8634-e1f37f70419b" /> <img width="804" alt="Screenshot 2025-02-04 at 14 35 00" src="https://github.com/user-attachments/assets/f507c34a-774e-4aa1-94b2-b912539d6143" /> <img width="791" alt="Screenshot 2025-02-04 at 09 25 28" src="https://github.com/user-attachments/assets/82c1f761-7ee5-42d0-8b8f-23848cfc0391" /> Generated policy: <img width="795" alt="Screenshot 2025-02-24 at 16 43 58" src="https://github.com/user-attachments/assets/5ef4e34f-5850-4449-8a70-7de10750bb84" /> <img width="796" alt="Screenshot 2025-02-24 at 16 44 15" src="https://github.com/user-attachments/assets/bdcf70fe-72f0-4df0-9a9e-40346407a1df" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
3 tasks
criamico
changed the title
|
Examples of generated policies containing the new secret fields: ES and remote ES Outputs
Agent binary sourceUnder |
criamico
added a commit
to elastic/kibana
that referenced
this issue
Mar 12, 2025
closes #207324 follow up of #207322 ## Summary Add ssl fields to agent binary source settings. The new fields allow users to set a TLS connection to the agent binary source uri. - The cert key will be stored either as an encrypted SO or a secret (latter option will be available once fleet server will have this functionality: elastic/fleet-server#4470). - The secret field is only available when the feature flag `enableSSLSecrets` is enabled, otherwise the cert key is saved as an encrypted SO. <details> <summary>Screenshots</summary> <img width="809" alt="Screenshot 2025-03-11 at 14 53 44" src="https://github.com/user-attachments/assets/e93a04cf-c699-4e13-8cb6-870986197f92" /> <img width="804" alt="Screenshot 2025-03-11 at 14 53 34" src="https://github.com/user-attachments/assets/c2c13c8f-e65c-4843-a538-d317e1359bf0" /> Generated policy: <img width="797" alt="Screenshot 2025-03-06 at 17 43 02" src="https://github.com/user-attachments/assets/12411fea-9a8b-4ee9-aa7c-123c6aefea4a" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
6 tasks
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Mar 22, 2025
Fixes elastic#207322 ## Summary Show SSL options for fleet server host in Fleet server settings section and in add fleet server host flyout - Registered fleet server host as a encrypted save object and the new mappings added under `ssl` property, mirroring what's already existing for `logstash` and `kafka` outputs - The new options are displayed in the UI, both when adding a new fleet server host from the flyout and when editing an existing one. - The values are then added to the full agent policy - The values for `ssh.key` and `ssh.es_key` can additionally be saved as secrets but for now this option is not enabled until [fleet server supports it](elastic/fleet-server#4470) - I used the feature flag `enableSSLSecrets` <details> <summary>Screenshots</summary> <img width="803" alt="Screenshot 2025-02-14 at 10 23 41" src="https://github.com/user-attachments/assets/e1bf8c93-e8c0-4351-b86b-a7f8a8b0ec72" /> <img width="801" alt="Screenshot 2025-02-14 at 10 23 36" src="https://github.com/user-attachments/assets/f96d2a5c-0285-41d1-953b-e662ccdcd514" /> <img width="780" alt="Screenshot 2025-02-04 at 14 34 52" src="https://github.com/user-attachments/assets/e854fc28-d4aa-4b01-8634-e1f37f70419b" /> <img width="804" alt="Screenshot 2025-02-04 at 14 35 00" src="https://github.com/user-attachments/assets/f507c34a-774e-4aa1-94b2-b912539d6143" /> <img width="791" alt="Screenshot 2025-02-04 at 09 25 28" src="https://github.com/user-attachments/assets/82c1f761-7ee5-42d0-8b8f-23848cfc0391" /> Generated policy: <img width="795" alt="Screenshot 2025-02-24 at 16 43 58" src="https://github.com/user-attachments/assets/5ef4e34f-5850-4449-8a70-7de10750bb84" /> <img width="796" alt="Screenshot 2025-02-24 at 16 44 15" src="https://github.com/user-attachments/assets/bdcf70fe-72f0-4df0-9a9e-40346407a1df" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Mar 22, 2025
closes elastic#207324 follow up of elastic#207322 ## Summary Add ssl fields to agent binary source settings. The new fields allow users to set a TLS connection to the agent binary source uri. - The cert key will be stored either as an encrypted SO or a secret (latter option will be available once fleet server will have this functionality: elastic/fleet-server#4470). - The secret field is only available when the feature flag `enableSSLSecrets` is enabled, otherwise the cert key is saved as an encrypted SO. <details> <summary>Screenshots</summary> <img width="809" alt="Screenshot 2025-03-11 at 14 53 44" src="https://github.com/user-attachments/assets/e93a04cf-c699-4e13-8cb6-870986197f92" /> <img width="804" alt="Screenshot 2025-03-11 at 14 53 34" src="https://github.com/user-attachments/assets/c2c13c8f-e65c-4843-a538-d317e1359bf0" /> Generated policy: <img width="797" alt="Screenshot 2025-03-06 at 17 43 02" src="https://github.com/user-attachments/assets/12411fea-9a8b-4ee9-aa7c-123c6aefea4a" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Part of https://github.com/elastic/ingest-dev/issues/3443
Related Kibana issue New secrets added to agent policies with the following tickets:
The new fields to support are:
secrets.ssl.key(under fleet serverinputssection of agent policy)agent.download.secrets.ssl.keyfleet.secrets.ssl.keyThese fields will contain secret references, same as already happens with outputs. Fleet server needs to fetch the secret and insert the values into the mapped fieds before sending the policy to the agent.
The text was updated successfully, but these errors were encountered: