Add documentation for elastic-agent-cert-key-passphrase option #1413

leehinman · 2024-10-30T20:24:44Z

elastic/elastic-agent#5494 added support for the --elastic-agent-cert-key-passphrase option. This PR adds the missing user facing documentation.

This option is only used if the --elastic-agent-cert-key is encrypted and requires a passphrase to use.

github-actions · 2024-10-30T20:24:57Z

A documentation preview will be available soon.

🔨 Buildkite builds
📚 HTML diff
📙 Preview page

Request a new doc build by commenting

Rebuild this PR: run docs-build
Rebuild this PR and all Elastic docs: run docs-build rebuild

_{run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.}

_{If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.}

mergify · 2024-10-30T20:25:18Z

This pull request does not have a backport label. Could you fix it @leehinman? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

backport-/d./d is the label to automatically backport to the /d./d branch. /d is the digit
NOTE: backport-skip has been added to this pull request.

kilfoyle · 2024-10-30T21:26:24Z

@leehinman Thanks a lot for adding this!

I think we need to update the docs in a few spots. If you agree, and if you don't mind my adding a commit or two to your PR, I'll be happy to add these in:

elastic-agent enroll command (syntax diagram and the description further down)
elastic-agent install command (syntax diagram and description further down)
The "Enroll Elastic Agent" section in the list of container environment variables
The command example at the bottom of "Encrypt traffic between Elastic Agents, Fleet Server, and Elasticsearch" as well as the option description below the example
Mutual TLS page (The elastic-agent-cert-key option appears in three places on that page).
This Mutual TLS example

Sorry to complicate things! :-)

leehinman · 2024-10-31T02:43:10Z

@kilfoyle please, add away.

kilfoyle · 2024-10-31T16:35:17Z

docs/en/ingest-management/security/certificates.asciidoc

@@ -231,6 +231,7 @@ sudo ./elastic-agent install \
   --fleet-server-port=8220 \
   --elastic-agent-cert=/tmp/fleet-server.crt \
   --elastic-agent-cert-key=/tmp/fleet-server.key \
+   --elastic-agent-cert-key-passphrase=/tmp/fleet-server ???? \


Probably a dumb question, but what would the path actually look like? I wasn't sure what file format the passphrase would have.

The passphrase file will just be a plain test file, so what you have is fine.

kilfoyle · 2024-10-31T16:37:01Z

@leehinman I've added the setting description in the places I mentioned above. I included This option is only used if the --elastic-agent-cert-key is encrypted and requires a passphrase to use. since that seems important for folks to know.

Example:

Also, I had a question about the path example in my comment above.

leehinman · 2024-10-31T21:53:51Z

LGTM

docs/en/ingest-management/security/certificates.asciidoc

kilfoyle · 2024-11-04T14:02:56Z

docs/en/ingest-management/security/certificates.asciidoc

@@ -231,6 +231,7 @@ sudo ./elastic-agent install \
   --fleet-server-port=8220 \
   --elastic-agent-cert=/tmp/fleet-server.crt \
   --elastic-agent-cert-key=/tmp/fleet-server.key \
+   --elastic-agent-cert-key-passphrase=/tmp/fleet-server/passphrase-file \


The comment thread seems to be gone, so just for reference I changed the ????? to passphrase-file for clarity.

kilfoyle

LGTM! 🚀
Thanks a lot Lee!

docs/en/ingest-management/commands.asciidoc

karenzone

LGTM

docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc

…ed-env.asciidoc

docs/en/ingest-management/security/certificates.asciidoc

karenzone

LGTM

* Add documentation for elastic-agent-cert-key-passphrase option * Add the setting throughout the docs * Update docs/en/ingest-management/security/certificates.asciidoc * Update docs/en/ingest-management/commands.asciidoc * Update docs/en/ingest-management/commands.asciidoc * Update docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc * Update docs/en/ingest-management/security/certificates.asciidoc --------- Co-authored-by: David Kilfoyle <[email protected]> Co-authored-by: David Kilfoyle <[email protected]> (cherry picked from commit f9b079d)

#1424) * Add documentation for elastic-agent-cert-key-passphrase option * Add the setting throughout the docs * Update docs/en/ingest-management/security/certificates.asciidoc * Update docs/en/ingest-management/commands.asciidoc * Update docs/en/ingest-management/commands.asciidoc * Update docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc * Update docs/en/ingest-management/security/certificates.asciidoc --------- Co-authored-by: David Kilfoyle <[email protected]> Co-authored-by: David Kilfoyle <[email protected]> (cherry picked from commit f9b079d) Co-authored-by: Lee E Hinman <[email protected]>

#1425) * Add documentation for elastic-agent-cert-key-passphrase option * Add the setting throughout the docs * Update docs/en/ingest-management/security/certificates.asciidoc * Update docs/en/ingest-management/commands.asciidoc * Update docs/en/ingest-management/commands.asciidoc * Update docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc * Update docs/en/ingest-management/security/certificates.asciidoc --------- Co-authored-by: David Kilfoyle <[email protected]> Co-authored-by: David Kilfoyle <[email protected]> (cherry picked from commit f9b079d) Co-authored-by: Lee E Hinman <[email protected]>

Add documentation for elastic-agent-cert-key-passphrase option

7acf425

leehinman requested a review from a team as a code owner October 30, 2024 20:24

leehinman added the 8.16-request label Oct 30, 2024

mergify bot added the backport-skip label Oct 30, 2024

leehinman requested a review from kilfoyle October 30, 2024 20:57

kilfoyle self-assigned this Oct 30, 2024

Add the setting throughout the docs

9ff9012

kilfoyle reviewed Oct 31, 2024

View reviewed changes

kilfoyle reviewed Nov 4, 2024

View reviewed changes

docs/en/ingest-management/security/certificates.asciidoc Outdated Show resolved Hide resolved

Update docs/en/ingest-management/security/certificates.asciidoc

8917211

kilfoyle reviewed Nov 4, 2024

View reviewed changes

kilfoyle previously approved these changes Nov 4, 2024

View reviewed changes

kilfoyle added backport-8.x backport-8.16 and removed backport-skip labels Nov 4, 2024

kilfoyle reviewed Nov 4, 2024

View reviewed changes

docs/en/ingest-management/commands.asciidoc Outdated Show resolved Hide resolved

kilfoyle reviewed Nov 4, 2024

View reviewed changes

docs/en/ingest-management/commands.asciidoc Outdated Show resolved Hide resolved

kilfoyle dismissed their stale review via ede4772 November 4, 2024 14:37

kilfoyle added 2 commits November 4, 2024 09:37

Update docs/en/ingest-management/commands.asciidoc

ede4772

Update docs/en/ingest-management/commands.asciidoc

f7d3776

karenzone previously approved these changes Nov 4, 2024

View reviewed changes

kilfoyle reviewed Nov 4, 2024

View reviewed changes

docs/en/ingest-management/elastic-agent/configuration/env/shared-env.asciidoc Outdated Show resolved Hide resolved

kilfoyle dismissed karenzone’s stale review via 9d2cc3a November 4, 2024 14:38

Update docs/en/ingest-management/elastic-agent/configuration/env/shar…

9d2cc3a

…ed-env.asciidoc

kilfoyle reviewed Nov 4, 2024

View reviewed changes

docs/en/ingest-management/security/certificates.asciidoc Outdated Show resolved Hide resolved

Update docs/en/ingest-management/security/certificates.asciidoc

b760b46

karenzone approved these changes Nov 4, 2024

View reviewed changes

kilfoyle merged commit f9b079d into elastic:main Nov 4, 2024
3 checks passed

mergify bot mentioned this pull request Nov 4, 2024

[8.x] Add documentation for elastic-agent-cert-key-passphrase option (backport #1413) #1424

Merged

mergify bot mentioned this pull request Nov 4, 2024

[8.16] Add documentation for elastic-agent-cert-key-passphrase option (backport #1413) #1425

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add documentation for elastic-agent-cert-key-passphrase option #1413

Add documentation for elastic-agent-cert-key-passphrase option #1413

leehinman commented Oct 30, 2024

github-actions bot commented Oct 30, 2024

mergify bot commented Oct 30, 2024

kilfoyle commented Oct 30, 2024 •

edited

Loading

leehinman commented Oct 31, 2024

kilfoyle Oct 31, 2024

leehinman Oct 31, 2024

kilfoyle commented Oct 31, 2024 •

edited

Loading

leehinman commented Oct 31, 2024

kilfoyle Nov 4, 2024

kilfoyle left a comment

karenzone left a comment

karenzone left a comment

Add documentation for elastic-agent-cert-key-passphrase option #1413

Add documentation for elastic-agent-cert-key-passphrase option #1413

Conversation

leehinman commented Oct 30, 2024

github-actions bot commented Oct 30, 2024

mergify bot commented Oct 30, 2024

kilfoyle commented Oct 30, 2024 • edited Loading

leehinman commented Oct 31, 2024

kilfoyle Oct 31, 2024

Choose a reason for hiding this comment

leehinman Oct 31, 2024

Choose a reason for hiding this comment

kilfoyle commented Oct 31, 2024 • edited Loading

leehinman commented Oct 31, 2024

kilfoyle Nov 4, 2024

Choose a reason for hiding this comment

kilfoyle left a comment

Choose a reason for hiding this comment

karenzone left a comment

Choose a reason for hiding this comment

karenzone left a comment

Choose a reason for hiding this comment

kilfoyle commented Oct 30, 2024 •

edited

Loading

kilfoyle commented Oct 31, 2024 •

edited

Loading