Please ensure that xpack.reporting.encryptionKey is set Error during report creation

Kosmonafft · June 15, 2021, 11:01am

Hi folks,

I am facing following Error. Each time I want to generate new csv Report in kibana I see following:

Error: Failed to decrypt report job data. Please ensure that xpack.reporting.encryptionKey is set and re-generate this report. Error: Unsupported state or unable to authenticate data

My Kibana config looks like this:


server.name: kibana
server.host: "0.0.0.0"
elasticsearch.hosts: "https://elastic.url:9200"  
elasticsearch.username: ${ELASTICSEARCH_USERNAME}
elasticsearch.password: ${ELASTICSEARCH_PASSWORD}
xpack.security.enabled: false
searchguard.auth.type: "basicauth"
xpack.reporting.encryptionKey: 38747239hdjksdkjasdu291834zejhb
xpack.reporting.csv.maxSizeBytes: 1048576000
elasticsearch.ssl:
  certificateAuthorities: /path/to/ca.crt
  verificationMode: full

Do you have any hints?
Do you maybe need specific permissions for doing reports?

Thanks

Edit: Everything is in 7.6.2 Version + respectvice Search Guard version

sirHusky · June 16, 2021, 9:02am

@Kosmonafft Which user/role/permissions are you using to generate report? There would need to be cluster permissions assigned, but if not a different error is generated.

Can you share the role/s definitions assigned to the user and the full kibana.yml if above is not complete (redact any sensitive details)

Kosmonafft · June 30, 2021, 1:50pm

Thanks for the responce. Sorry for late reply:

This is our role mapping. I use the SGS_ALL_ACCESS group which is given by default from search guard. As far as I understood this is the “admin” role.

SGS_ALL_ACCESS:
  reserved: true
  hidden: false
  backend_roles:
  - "admin"
  - "SOME_AD_GROUP_WHERE_I_AM_IN"
  hosts: []
  users: []
  and_backend_roles: []
  description: "Maps admin to SGS_ALL_ACCESS"

sirHusky · July 15, 2021, 8:54am

@Kosmonafft I am not able to reproduce your error using admin user.
Could you DM me your configuration files:
sg_config.yml
elasticsearch.yml
kibana.yml
(redact any sensitive details)

Could you please check if the user is mapped to any other roles, you can do that via kibana if you add “searchguard.accountinfo.enabled: true” to kibana.yml or via curl command below:

curl --insecure -u: -XGET “https://localhost:9200/_searchguard/authinfo?pretty”

Can you please also confirm that you are using v41.0.0 of elasticsearch plugin and v41.1.0 of kibana plugin.

Kosmonafft · August 2, 2021, 3:55pm

After the upgrade to 7.13.2 versions this error seems to not happen anymore

system · August 23, 2021, 3:55pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Report Generation Failure Search Guard	4	3366	September 24, 2019
When xpack disabled, kibana disabled with searchguard tab Search Guard	4	607	May 1, 2019
When xpack security is disabled, kibana with search-guard became unavailable. Search Guard	4	621	October 22, 2018
x-pack Search Guard	2	605	October 13, 2017
[ELK 6.5.3 - SG 23.2] Issue when log in Kibana Search Guard	4	481	December 22, 2018

Please ensure that xpack.reporting.encryptionKey is set Error during report creation

Related Topics