In order to drop the requirement to use superuser credentials to call the Fleet setup API in Kibana, we'd like to switch to using a elastic/fleet-server service account token instead of username & password to authenticate against Kibana.
We should allow specifying a KIBANA_FLEET_SERVICE_TOKEN env var that takes precedence over KIBANA_FLEET_USERNAME and KIBANA_FLEET_PASSWORD. We should also fallback to FLEET_SERVER_SERVICE_TOKEN if provided as well.
I've have a draft branch of what this change may look like, but haven't taken it to completion yet with necessary testing: master...joshdover:fleet-setup-token
This change is targeting 7.16 and is dependent on some work in Kibana (elastic/kibana#112648), however a working draft would help us test this end-to-end before the work is complete on the Kibana side.
In order to drop the requirement to use superuser credentials to call the Fleet setup API in Kibana, we'd like to switch to using a elastic/fleet-server service account token instead of username & password to authenticate against Kibana.
We should allow specifying a
KIBANA_FLEET_SERVICE_TOKENenv var that takes precedence overKIBANA_FLEET_USERNAMEandKIBANA_FLEET_PASSWORD. We should also fallback toFLEET_SERVER_SERVICE_TOKENif provided as well.I've have a draft branch of what this change may look like, but haven't taken it to completion yet with necessary testing: master...joshdover:fleet-setup-token
This change is targeting 7.16 and is dependent on some work in Kibana (elastic/kibana#112648), however a working draft would help us test this end-to-end before the work is complete on the Kibana side.