Doc: FIPS for Ingest tools 8.19 #1833
Conversation
|
A documentation preview will be available soon. Request a new doc build by commenting
If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here. |
karenzone
force-pushed
the
1735-fips-8.19
branch
from
878f349 to
ac83954
Compare
|
Looking for suggestions on where to put the FIPS Ingest content for 8.19. For 9.1 in new docs system, it's under Security. 
|
simitt
requested review from
cmacknz,
ebeahan,
kruskall,
michel-laterman,
raultorrecilla and
ycombinator
|
For adding a link from APM Server, I would place a FIPS page linking to this in https://www.elastic.co/guide/en/observability/8.18/apm-securing-apm-server.html. |
|
|
||
| preview::[] | ||
|
|
||
| {agent}, {fleet}, {filebeat}, {metricbeat}, and APM Server binaries are built and can be configured to use FIPS 140-2 compliant cryptography. |
There was a problem hiding this comment.
@simitt @ycombinator nit: should we say can be configured or are configured? Aren't the defaults using FIPS compliant crypto for these builds?
There was a problem hiding this comment.
I think "are configured" is more accurate.
There was a problem hiding this comment.
Good... because I already made the change. :-)
|
|
||
| - link:https://www.elastic.co/docs/reference/integrations/azure/events[Azure Logs Integration (v2 preview)] | ||
| - link:https://www.elastic.co/docs/reference/integrations/azure/eventhub[Azure Event Hub Input] | ||
| - link:https://www.elastic.co/docs/reference/integrations/sql[SQL Input] |
There was a problem hiding this comment.
New addition from @shmsr
| FIPS compatible binaries for {agent}, {fleet}, {filebeat}, {metricbeat}, and APM Server are available for link:https://www.elastic.co/downloads[download]. | ||
| Look for the `Linux 64-bit (FIPS)` or `Linux aarch64 (FIPS)` platform option on the product download pages for {agent} and {fleet}, {filebeat}, and {metricbeat}. | ||
| Look for the `Linux x86_64 (FIPS)` or `Linux aarch64 (FIPS)` platform option on the APM Server download page. |
There was a problem hiding this comment.
These read like discrete instructions. I wonder if they could be structured like a list.
| Support for encrypted private keys is not available, as the cryptographic modules used for decrypting password protected keys are not FIPS validated. If an output or any other component with an SSL key that is password protected is configured, the components will fail to load the key. When running in FIPS mode, you must provide non-encrypted keys. | ||
| Be sure to enforce security in your FIPS environments through other means, such as strict file permissions and access controls on the key file itself, for example. |
There was a problem hiding this comment.
Same thing here. Could this be presented as a list of recommendations / considerations?
|
29630 |
5 participants
Expands docs for FIPS compliance to include FIPS mode for Ingest tools
In this PR, we take the content created and reviewed in docs-content#2136 , convert it to MD, and replace links from new docs system with classic doc links. There's no comparable file location in pre-9.0 docs, and the Fleet and Agent Guide seemed like the best fit.
PREVIEW: https://ingest-docs_bk_1833.docs-preview.app.elstc.co/guide/en/fleet/8.19/fips-ingest.html
Related issue:
Related PR:
Remaining work