Elastic Agent environment variablesedit

Use environment variables to configure Elastic Agent when running in a containerized environment. Variables on this page are grouped by action type:

Common variablesedit

To limit the number of environment variables that need to be set, the following common variables are available. These variables can be used across all Elastic Agent actions, but have a lower precedence than action-specific environment variables.

These common variables are useful, for example, when using the same Elasticsearch and Kibana credentials to prepare the Fleet plugin in Kibana, configure Fleet Server, and enroll an Elastic Agent.

Settings Description

ELASTICSEARCH_HOST

(string) The Elasticsearch host to communicate with.

Default: http://elasticsearch:9200

ELASTICSEARCH_USERNAME

(string) The basic authentication username used to connect to Kibana and retrieve a service_token for Fleet.

Default: elastic

ELASTICSEARCH_PASSWORD

(string) The basic authentication password used to connect to Kibana and retrieve a service_token for Fleet.

Default: changeme

ELASTICSEARCH_CA

(string) The path to a certificate authority.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

KIBANA_HOST

(string) The Kibana host.

Default: http://kibana:5601

KIBANA_USERNAME

(string) The basic authentication username used to connect to Kibana to retrieve a service_token.

Default: elastic

KIBANA_PASSWORD

(string) The basic authentication password used to connect to Kibana to retrieve a service_token.

Default: changeme

KIBANA_CA

(string) The path to a certificate authority.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

ELASTIC_NETINFO

(bool) When false, disables netinfo.enabled parameter of add_host_metadata processor. Setting this to false is recommended for large scale setups where the host.ip and host.mac fields index size increases.

By default, Elastic Agent initializes the add_host_metadata processor. The netinfo.enabled parameter defines ingestion of IP addresses and MAC addresses as fields host.ip and host.mac. For more information see add_host_metadata

Default: "false"

Prepare Kibana for Fleetedit

Settings used to prepare the Fleet plugin in Kibana.

Settings Description

KIBANA_FLEET_SETUP

(int) Set to 1 to enable Fleet setup. Enabling Fleet is required before Fleet Server will start. When this action is not performed, a user must manually log in to Kibana and visit the Fleet page to enable setup.

Default: none

KIBANA_FLEET_HOST

(string) The Kibana host to enable Fleet on. Overrides FLEET_HOST when set.

Default: http://kibana:5601

KIBANA_FLEET_USERNAME

(string) The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet. Overrides ELASTICSEARCH_USERNAME when set.

Default: elastic

KIBANA_FLEET_PASSWORD

(string) The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet. Overrides ELASTICSEARCH_PASSWORD when set.

Default: changeme

KIBANA_FLEET_CA

(string) The path to a certificate authority. Overrides KIBANA_CA when set.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

Bootstrap Fleet Serveredit

Settings used to bootstrap Fleet Server on this Elastic Agent. At least one Fleet Server is required in a deployment.

Settings Description

FLEET_SERVER_ENABLE

(int) Set to 1 to bootstrap Fleet Server on this Elastic Agent. When set to 1, this automatically forces Fleet enrollment as well.

Default: none

FLEET_SERVER_ELASTICSEARCH_HOST

(string) The Elasticsearch host for Fleet Server to communicate with. Overrides ELASTICSEARCH_HOST when set.

Default: http://elasticsearch:9200

FLEET_SERVER_ELASTICSEARCH_CA

(string) The path to a certificate authority. Overrides ELASTICSEARCH_CA when set.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""

FLEET_SERVER_SERVICE_TOKEN

(string) Service token to use for communication with Elasticsearch and Kibana if KIBANA_FLEET_SETUP is enabled. If the service token value and service token path are specified the value may be used for setup and the path is passed to the agent in the container.

Default: none

FLEET_SERVER_SERVICE_TOKEN_PATH

(string) The path to the service token file to use for communication with Elasticsearch and Kibana if KIBANA_FLEET_SETUP is enabled. If the service token value and service token path are specified the value may be used for setup and the path is passed to the agent in the container.

Default: none

FLEET_SERVER_POLICY_NAME

(string) The name of the policy for Fleet Server to use on itself. Overrides FLEET_TOKEN_POLICY_NAME when set.

Default: none

FLEET_SERVER_POLICY_ID

(string) The policy ID for Fleet Server to use on itself.

FLEET_SERVER_HOST

(string) The binding host for Fleet Server HTTP. Overrides the host defined in the policy.

Default: none

FLEET_SERVER_PORT

(string) The binding port for Fleet Server HTTP. Overrides the port defined in the policy.

Default: none

FLEET_SERVER_CERT

(string) The path to the certificate to use for HTTPS.

Default: none

FLEET_SERVER_CERT_KEY

(string) The path to the private key for the certificate used for HTTPS.

Default: none

FLEET_SERVER_CERT_KEY_PASSPHRASE

(string) The path to the private key passphrase for an encrypted private key file.

Default: none

FLEET_SERVER_INSECURE_HTTP

(bool) When true, exposes Fleet Server over HTTP (insecure). Setting this to true is not recommended.

Default: false

FLEET_SERVER_ELASTICSEARCH_CA_TRUSTED_FINGERPRINT

(string) The SHA-256 fingerprint (hash) of the certificate authority used to self-sign Elasticsearch certificates. This fingerprint is used to verify self-signed certificates presented by Fleet Server and any inputs started by Elastic Agent for communication. This flag is required when using self-signed certificates with Elasticsearch.

Default: ""

Enroll Elastic Agentedit

Settings used to enroll an Elastic Agent into a Fleet Server.

Settings Description

ELASTIC_AGENT_TAGS

(string) A comma-separated list of tags to apply to Fleet-managed Elastic Agents. You can use these tags to filter the list of agents in Fleet.

FLEET_ENROLL

(bool) Set to 1 to enroll the Elastic Agent into Fleet Server.

Default: false

FLEET_URL

(string) URL to enroll the Fleet Server into.

Default: ""

FLEET_ENROLLMENT_TOKEN

(string) The token to use for enrollment.

Default: ""

FLEET_TOKEN_NAME

(string) The token name to use to fetch the token from Kibana.

Default: ""

FLEET_TOKEN_POLICY_NAME

(string) The token policy name to use to fetch the token from Kibana.

Default: false

FLEET_CA

(string) The path to a certificate authority. Overrides ELASTICSEARCH_CA when set.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: false

FLEET_INSECURE

(bool) When true, Elastic Agent communicates with Fleet Server over insecure or unverified HTTP. Setting this to true is not recommended.

Default: false

KIBANA_FLEET_HOST

(string) The Kibana host to enable Fleet on. Overrides FLEET_HOST when set.

Default: http://kibana:5601

KIBANA_FLEET_USERNAME

(string) The basic authentication username used to connect to Kibana and retrieve a service_token to enable Fleet. Overrides ELASTICSEARCH_USERNAME when set.

Default: elastic

KIBANA_FLEET_PASSWORD

(string) The basic authentication password used to connect to Kibana and retrieve a service_token to enable Fleet. Overrides ELASTICSEARCH_PASSWORD when set.

Default: changeme

KIBANA_FLEET_CA

(string) The path to a certificate authority. Overrides KIBANA_CA when set.

By default, Elastic Agent uses the list of trusted certificate authorities (CA) from the operating system where it is running. If the certificate authority that signed your node certificates is not in the host system’s trusted certificate authorities list, use this config to add the path to the .pem file that contains your CA’s certificate.

Default: ""