Kibana: set xpack.security.encryptionKey

[jordansissel]

Per the docs:

By default, a value is automatically generated in memory. If you use that default behavior, all sessions are invalidated when Kibana restarts.

The unspoken note here is that with 2 or more instances, each Kibana will generate its own key. This causes all kibana instances to reject eachother's login cookies.

The user experience when this happens goes like this:

• Visit kibana, receive login prompt.
• Login correctly
• Get redirected to whatever landing page is appropriate
• Get a 403/redirected back to the login prompt because your 2nd request actually went to a different Kibana which rejected the previous Kibana instance's session cookie, insisting that you need to login.

To resolve this, set xpack.security.encryptionKey the same on all Kibana instances.

Recommend ECK sets this value for the Kibana resource.