elastic · naemono · Oct 3, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025
@@ -97,6 +97,7 @@ data:
     enable-leader-election: true
     elasticsearch-observation-interval: 10s
     ubi-only: false
+    password-length: 24
 ```
 
 Alternatively, you can edit the `elastic-operator` StatefulSet and add flags to the `args` section of the operator container — which will trigger an automatic restart of the operator pod by the StatefulSet controller.

@@ -62,7 +62,6 @@ kubectl delete secret quickstart-es-elastic-user
 If you are using the `elastic` user credentials in your own applications, they will fail to connect to {{es}} and {{kib}} after you run this command. It is not recommended to use `elastic` user credentials for production use cases. Always [create your own users with restricted roles](../../../deploy-manage/users-roles/cluster-or-deployment-auth/native.md) to access {{es}}.
 ::::
 
-
 To regenerate all auto-generated credentials in a namespace, run the following command:
 
 ```sh
@@ -99,4 +98,36 @@ For more information, refer to [External authentication](/deploy-manage/users-ro
 
 ECK facilitates file-based role management through Kubernetes secrets containing the roles specification. Alternatively, you can use the Role management API or the Role management UI in {{kib}}.
 
-Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples.
+Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples.
+
+## Controlling the length of ECK-generated passwords
+
+```{applies_to}
+  eck: ga 3.2
+```
+
+With an enterprise license users can control the password length of the file-based passwords generated by {{eck}}.
+
+:::{note}
+In {{eck}} 3.1 and earlier all file-based passwords are 24 characters long.
+:::
+
+### Controlling the length of passwords in Helm installations
+
+If you installed {{eck}} through the Helm chart commands listed in [](../../deploy/cloud-on-k8s/install-using-helm-chart.md), you can set `config.policies.passwords.length` to control the length of generated file-based passwords.
+
+Refer to the [operator configuration docs](../../deploy/cloud-on-k8s/configure-eck.md#using-the-operator-helm-chart) for details concerning Helm values management.
+
+::: {note}
+This will not cause existing passwords to be changed. To change existing password refer to [Rotating credentials](#k8s-rotate-credentials)
+:::
+
+### Controlling the length of passwords using the operator manifests
+
+If you installed ECK through using the manifests using the commands listed in [](../../deploy/cloud-on-k8s/install-using-yaml-manifest-quickstart.md), you can set `password-length` in the `elastic-operator` `ConfigMap` to control the length of generated file-based passwords.
+
+Refer to the [operator configuration docs](../../deploy/cloud-on-k8s/configure-eck.md#using-the-operator-yaml-manifests) for details concerning manifest management.
+
+::: {note}
+This will not cause existing passwords to be changed. To change existing password refer to [Rotating credentials](#k8s-rotate-credentials)
+:::