-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable alerting or alerting APIs when no encryptionKey is set for the encrypted saved objects plugin #56420
Comments
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
I'd think the long-term solution would be to have cloud generate an encryption key, so everyone gets one by default. Whether they can change it (for invalidation purposes) is another question :-) Short term, I guess this is kind of a soft-disable on alerting APIs - we can't actually have the plugin itself disabled, it seems like. This is for actions as well, I'd guess? But probably not a 7.6 issue as no one is using actions at all in 7.6. If we need to do this for 7.7 as well though, I'd guess we will need the same for actions. And task manager? Aye-yi-yi ... But maybe there's a blessing there - we can have task manager figure out whether the encryptionKey is set, and then alerting and actions can check that at plugin setup|start time, just so we don't have to calculate it in all the plugins. |
I think SIEM is affected, in that for cloud they will be the only visible place a customer would realize the encryption key isn't set. Because, no Kibana logs :-(. Ie, they're going to have to realize alerting is soft-disabled because of this, and provide a message in the UI directing the user to resolve it. |
Totally agree and the idea is in the works on Cloud's side.
Correct, just the
Task manager should be ok, it doesn't use encrypted saved objects directly.
SIEM is planning to add UX based on a value we expose. They would indicate to the user an encryptionKey isn't set and needs to be in order to use the detection engine. |
Created a discuss issue #56448. The outcome of it will define what to do for 7.6 in this issue. |
I think the create and update action APIs as well, since they write the |
Ah, you're right! Totally forgot about the origin of ESOs 😄 |
Closing as all sub-PRs are merged. |
We may have to change this solution later on to support new platform. We should also expose this so other plugins know they can't use alerting (ex: SIEM).
PRs:
alerting plugin: Disable creating alert client instances when ESO plugin is using an ephemeral encryption key #56676actions plugin: Disable action plugin functionality when ESO plugin is using an ephemeral encryption key #56906Related issue: #56448.
The text was updated successfully, but these errors were encountered: