API to clean up not decryptable saved objects #97453
Labels
enhancement
New value added to drive a business result
Feature:Saved Objects
Feature:Security/Encrypted Saved Objects
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
azasypkin
added
enhancement
|
Pinging @elastic/kibana-security (Team:Security) |
exalate-issue-sync
bot
added
impact:low
legrego
removed
EnableJiraSync
loe:small
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature:
There are few cases where saved objects should be cleaned up from the Kibana indices.
Saved Objects which cannot be decrypted due to the fact the key has been lost or was not explicitly set (consequence of #81511).
The API should ask for confirmation as there is data loss.
I wouldn't do this automatically as a user might have the encryption key and is just adding the key to the rotation keys.
Describe a specific use case for the feature:
A user created encrypted saved objects on 7.11 with the auto-generated encryption key.
On 7.12, we stop generating it and the user might no more be able to read those objects.
There will be objects kept in Kibana indices which cannot be recovered anymore and those can affect saved object migrations or in any case increase the size of Kibana index.
The text was updated successfully, but these errors were encountered: