In a production environment, you should restrict access to the X-Pack reporting endpoints to authorized users. This requires that you:
- Enable X-Pack security on your Elasticsearch cluster. For more information, see Getting Started with Security.
- Configure an SSL certificate for Kibana. For more information, see Configuring security.
Configure Watcher to trust the Kibana server’s certificate by adding it to the Watcher truststore on each node:
Import the Kibana server certificate into the Watcher truststore using Java Keytool:
keytool -importcert -keystore watcher-truststore.jks -file server.crt
If the truststore doesn’t already exist, it is created.
- Make sure the
elasticsearch.ymlspecifies the location of the Watcher truststore.
- Add one or more users who have the permissions necessary to use Kibana and X-Pack reporting. For more information, see Reporting and security.
Once you’ve enabled SSL for Kibana, all requests to the X-Pack reporting endpoints
must include valid credentials. For example, see the following page which
includes a watch that submits requests as the built-in
Automating report generation.
For more information about configuring watches, see How Watcher Works.