[8.9] [DOCS] Add $ELASTIC_PASSWORD env var to install docs (#98898) (#98934)

Author: jrodewig

docs/reference/setup/install/auto-config-output.asciidoc

@@ -5,16 +5,15 @@ You can test that your {es} node is running by sending an HTTPS request to port
 
 ["source","sh",subs="attributes"]
 ----
-curl --cacert {es-conf}{slash}certs{slash}http_ca.crt -u elastic https://localhost:9200 <1>
+curl --cacert {es-conf}{slash}certs{slash}http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200 <1>
 ----
 // NOTCONSOLE
 <1> Ensure that you use `https` in your call, or the request will fail.
 +
 `--cacert`::
 Path to the generated `http_ca.crt` certificate for the HTTP layer.
 
-Enter the password for the `elastic` user that was generated during
-installation, which should return a response like this:
+The call returns a response like this:
 
 ////
 The following hidden request is required before the response. Otherwise, you'll

docs/reference/setup/install/check-running.asciidoc

@@ -10,31 +10,13 @@ the `elastic` built-in superuser.
 * Certificates and keys for TLS are generated for the transport and HTTP layer,
 and TLS is enabled and configured with these keys and certificates.
 
-The password and certificate and keys are output to your terminal. For example:
+The password and certificate and keys are output to your terminal.
+
+We recommend storing the `elastic` password as an environment variable in your shell. Example:
 
 [source,sh]
 ----
-            -------Security autoconfiguration information-------
-
-Authentication and authorization are enabled.
-TLS for the transport and HTTP layers is enabled and configured.
-
-The generated password for the elastic built-in superuser is : <password>
-
-If this node should join an existing cluster, you can reconfigure this with
-'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
-after creating an enrollment token on your existing cluster.
-
-You can complete the following actions at any time:
-
-Reset the password of the elastic built-in superuser with
-'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
-
-Generate an enrollment token for Kibana instances with
- '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
-
-Generate an enrollment token for Elasticsearch nodes with
-'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
+export ELASTIC_PASSWORD="your_password"
 ----
 
 ===== Reconfigure a node to join an existing cluster

docs/reference/setup/install/package-security.asciidoc

@@ -18,11 +18,14 @@ and TLS is enabled and configured with these keys and certificates.
 * An enrollment token is generated for {kib}, which is valid for 30 minutes.
 
 The password for the `elastic` user and the enrollment token for {kib} are
-output to your terminal. For example:
+output to your terminal.
 
-:slash:     /
+We recommend storing the `elastic` password as an environment variable in your shell. Example:
 
-include::auto-config-output.asciidoc[]
+[source,sh]
+----
+export ELASTIC_PASSWORD="your_password"
+----
 
 If you have password-protected the {es} keystore, you will be prompted
 to enter the keystore's password. See <<secure-settings>> for more

docs/reference/setup/install/targz-start.asciidoc

@@ -18,11 +18,14 @@ and TLS is enabled and configured with these keys and certificates.
 * An enrollment token is generated for {kib}, which is valid for 30 minutes.
 
 The password for the `elastic` user and the enrollment token for {kib} are
-output to your terminal. For example:
+output to your terminal.
 
-:slash:     \
+We recommend storing the `elastic` password as an environment variable in your shell. Example:
 
-include::auto-config-output.asciidoc[]
+[source,sh]
+----
+$ELASTIC_PASSWORD = "your_password"
+----
 
 If you have password-protected the {es} keystore, you will be prompted to
 enter the keystore's password. See <<secure-settings>> for more details.

docs/reference/setup/install/zip-windows-start.asciidoc

@@ -33,20 +33,17 @@ the `kibana` package distribution for your environment.
 [[stack-start-with-security]]
 === Start {es} and enroll {kib} with security enabled
 
-. From the installation directory, start {es}. A password is generated for the
-`elastic` user and output to the terminal, plus an enrollment token for
-enrolling {kib}.
+. From the installation directory, start {es}.
 +
 [source,shell]
 ----
 bin/elasticsearch
 ----
 +
-TIP: You might need to scroll back a bit in the terminal to view the password
-and enrollment token.
+The command prints the `elastic` user password and an enrollment token for {kib}.
 
-. Copy the generated password and enrollment token and save them in a secure
-location. These values are shown only when you start {es} for the first time.
+. Copy the generated `elastic` password and enrollment token. These credentials
+are only shown when you start {es} for the first time.
 +
 [NOTE]
 ====
@@ -56,14 +53,20 @@ To generate new enrollment tokens for {kib} or {es} nodes, run the
 <<create-enrollment-token,`elasticsearch-create-enrollment-token`>> tool.
 These tools are available in the {es} `bin` directory.
 ====
++
+We recommend storing the `elastic` password as an environment variable in your shell. Example:
++
+[source,sh]
+----
+export ELASTIC_PASSWORD="your_password"
+----
 
 . (Optional) Open a new terminal and verify that you can connect to your {es}
-cluster by making an authenticated call. Enter the password for the `elastic`
-user when prompted:
+cluster by making an authenticated call.
 +
 [source,shell]
 ----
-curl --cacert config/certs/http_ca.crt -u elastic https://localhost:9200
+curl --cacert config/certs/http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200
 ----
 // NOTCONSOLE