[7.17] Adding info logging to display the hashed encryptionKey & addi…

…ng test… (elastic#139874) (elastic#140759) * Adding info logging to display the hashed encryptionKey & adding test… (elastic#139874) * Adding info logging to display the hashed encryptionKey & adding test cases * [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix' * Fixing test logger * [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix' * Adding config path for message * [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit b474a45) # Conflicts: # x-pack/plugins/encrypted_saved_objects/server/plugin.test.ts * Fixing type issue Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
pmuellr · Sep 19, 2022 · 2f13a1b · 2f13a1b
1 parent f25e525
commit 2f13a1b
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/x-pack/plugins/encrypted_saved_objects/server/plugin.test.ts b/x-pack/plugins/encrypted_saved_objects/server/plugin.test.ts
@@ -5,7 +5,8 @@
  * 2.0.
  */
 
-import { coreMock } from 'src/core/server/mocks';
+import { coreMock, loggingSystemMock } from 'src/core/server/mocks';
+// import { loggingSystemMock } from '@kbn/core/server/mocks';
 
 import { securityMock } from '../../security/server/mocks';
 import { ConfigSchema } from './config';
@@ -28,11 +29,12 @@ describe('EncryptedSavedObjects Plugin', () => {
     });
 
     it('exposes proper contract when encryption key is set', () => {
-      const plugin = new EncryptedSavedObjectsPlugin(
-        coreMock.createPluginInitializerContext(
-          ConfigSchema.validate({ encryptionKey: 'z'.repeat(32) }, { dist: true })
-        )
+      const mockInitializerContext = coreMock.createPluginInitializerContext(
+        ConfigSchema.validate({ encryptionKey: 'z'.repeat(32) }, { dist: true })
       );
+
+      const plugin = new EncryptedSavedObjectsPlugin(mockInitializerContext);
+
       expect(plugin.setup(coreMock.createSetup(), { security: securityMock.createSetup() }))
         .toMatchInlineSnapshot(`
         Object {
@@ -41,6 +43,13 @@ describe('EncryptedSavedObjects Plugin', () => {
           "registerType": [Function],
         }
       `);
+
+      const infoLogs = loggingSystemMock.collect(mockInitializerContext.logger).info;
+
+      expect(infoLogs.length).toBe(1);
+      expect(infoLogs[0]).toEqual([
+        `Hashed 'xpack.encryptedSavedObjects.encryptionKey' for this instance: WLbjNGKEm7aA4NfJHYyW88jHUkHtyF7ENHcF0obYGBU=`,
+      ]);
     });
   });
 

diff --git a/x-pack/plugins/encrypted_saved_objects/server/plugin.ts b/x-pack/plugins/encrypted_saved_objects/server/plugin.ts
@@ -6,6 +6,7 @@
  */
 
 import nodeCrypto from '@elastic/node-crypto';
+import { createHash } from 'crypto';
 
 import type { CoreSetup, Logger, Plugin, PluginInitializerContext } from 'src/core/server';
 
@@ -64,6 +65,14 @@ export class EncryptedSavedObjectsPlugin
         'Saved objects encryption key is not set. This will severely limit Kibana functionality. ' +
           'Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.'
       );
+    } else {
+      const hashedEncryptionKey = createHash('sha3-256')
+        .update(config.encryptionKey || '')
+        .digest('base64');
+
+      this.logger.info(
+        `Hashed 'xpack.encryptedSavedObjects.encryptionKey' for this instance: ${hashedEncryptionKey}`
+      );
     }
 
     const primaryCrypto = config.encryptionKey