Support fleet server hosts secrets #4470
Labels
Team:Elastic-Agent-Control-Plane
Label for the Agent Control Plane team
Comments
3 tasks
kpollich
added
Team:Elastic-Agent-Control-Plane
criamico
added a commit
to elastic/kibana
that referenced
this issue
Mar 3, 2025
Fixes #207322 ## Summary Show SSL options for fleet server host in Fleet server settings section and in add fleet server host flyout - Registered fleet server host as a encrypted save object and the new mappings added under `ssl` property, mirroring what's already existing for `logstash` and `kafka` outputs - The new options are displayed in the UI, both when adding a new fleet server host from the flyout and when editing an existing one. - The values are then added to the full agent policy - The values for `ssh.key` and `ssh.es_key` can additionally be saved as secrets but for now this option is not enabled until [fleet server supports it](elastic/fleet-server#4470) - I used the feature flag `enableSSLSecrets` <details> <summary>Screenshots</summary> <img width="803" alt="Screenshot 2025-02-14 at 10 23 41" src="https://github.com/user-attachments/assets/e1bf8c93-e8c0-4351-b86b-a7f8a8b0ec72" /> <img width="801" alt="Screenshot 2025-02-14 at 10 23 36" src="https://github.com/user-attachments/assets/f96d2a5c-0285-41d1-953b-e662ccdcd514" /> <img width="780" alt="Screenshot 2025-02-04 at 14 34 52" src="https://github.com/user-attachments/assets/e854fc28-d4aa-4b01-8634-e1f37f70419b" /> <img width="804" alt="Screenshot 2025-02-04 at 14 35 00" src="https://github.com/user-attachments/assets/f507c34a-774e-4aa1-94b2-b912539d6143" /> <img width="791" alt="Screenshot 2025-02-04 at 09 25 28" src="https://github.com/user-attachments/assets/82c1f761-7ee5-42d0-8b8f-23848cfc0391" /> Generated policy: <img width="795" alt="Screenshot 2025-02-24 at 16 43 58" src="https://github.com/user-attachments/assets/5ef4e34f-5850-4449-8a70-7de10750bb84" /> <img width="796" alt="Screenshot 2025-02-24 at 16 44 15" src="https://github.com/user-attachments/assets/bdcf70fe-72f0-4df0-9a9e-40346407a1df" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Part of https://github.com/elastic/ingest-dev/issues/3443
Related Kibana issue: Fleet server hosts secrets will be added with elastic/kibana#207322.
The supported field will be
secrets.ssl.key, that maps tossl.key.These fields will contain secret references, same as already happens with outputs. Fleet server needs to fetch the secret and insert the values into the mapped fieds before sending the policy to the agent
The text was updated successfully, but these errors were encountered: