Kibana: [dev experience] Security on by default locally

Created on 10 May 2019 · 6 Comments · Source: elastic/kibana

We've recently enabled security by default for local development, which has received some minor pushback because of its impact on the developer experience, so I thought it might be a good idea to collect some information about how it impacts local development and how we might be able to work around/improve some of those impacts.

Operations Security discuss

All 6 comments

Pinging @elastic/kibana-operations

Pinging @elastic/kibana-security

✅ login required

This one is kind of unavoidable I think, but it's worth mentioning. I also think it's possible that we could do something about this by logging in automatically perhaps.

✅ random encryption keys

Cookies use encryption keys that are reset every time the server changes. Developers can define them in their kibana.dev.yml file, but I suspect not many people do this.

Perhaps we should consider using a standard default value when running from source?

PR: https://github.com/elastic/kibana/pull/36452

I think the login required thing becomes essentially a non-issue with a default kibana user and with a dev-only persistent encryption key since a dev could log in one time in the morning and never have to log in again.

If others come up with problems that justify disabling security, please list them here and reopen the issue.
