Skip to content

Update ECK documentation for rotating credentials. #3488

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Update ECK documentation for rotating credentials. #3488

wants to merge 3 commits into from
+6 −2

Conversation

@naemono
Copy link
Contributor

@naemono naemono commented Oct 15, 2025
edited
Loading

Question

  • Do we want to also document how to rotate the Kibana encryption keys?

Related: elastic/cloud-on-k8s#8839

@naemono naemono requested a review from a team as a code owner October 15, 2025 14:48
Copilot AI reviewed Oct 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Updates ECK documentation to improve the credential rotation process by preventing accidental deletion of Kibana encryption keys. The change refines the kubectl command to exclude Kibana secrets and adds a warning note about previous documentation.

  • Modified kubectl command to exclude Kibana secrets when rotating credentials
  • Added explanatory note about why Kibana config secrets should not be deleted

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@github-actions
Copy link

github-actions bot commented Oct 15, 2025
edited
Loading

🔍 Preview links for changed docs

shainaraskas
shainaraskas approved these changes Oct 15, 2025
View reviewed changes
Copy link
Collaborator

@shainaraskas shainaraskas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved with a suggestion

pebrc
pebrc reviewed Oct 28, 2025
View reviewed changes
deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md

```sh
kubectl delete secret -l eck.k8s.elastic.co/credentials=true
kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.co/type!=kibana
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will no longer be true since ECK 3.2. We are automatically excluding the Kibana form the credentials label.

deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
::::

:::{note}
When deleting secrets so they can be regenerated, make sure to exclude {{kib}} secrets by specifying `type!=kibana`. {{kib}} secrets contain encryption keys, which should not be deleted.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should qualify this statement to be true up to version 3.2.

@shainaraskas do you have a recommendation how we should best include instructions that only pertain to older versions of the software, without cluttering the whole docs page with exceptions?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest:

  • use an applies switch and put your code snippets in there. one tab for 3.0 and one for 3.2 - put your 3.2 tab first.

  • in your note, just preface it with 'In ECK versions 3.1 and earlier ...' 'In ECK versions prior to 3.2 ...'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pebrc pebrc pebrc left review comments

@shainaraskas shainaraskas shainaraskas approved these changes

Copilot code review Copilot Copilot left review comments

@barkbay barkbay Awaiting requested review from barkbay

@rhr323 rhr323 Awaiting requested review from rhr323

@kvalliyurnatt kvalliyurnatt Awaiting requested review from kvalliyurnatt

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@naemono @pebrc @shainaraskas