Activation key retrival mode - File


In order to have an automated deploy of our environment, we need to load the activation key of the Enterprise license using a local file.

I have tried the following configuration:

readonlyrest_kbn.license.activationKeyRetrievalModes: ["file"]
readonlyrest_kbn.license.activationKeyFilePath: '/root/plugins/readonlyrestkbn/ROR_ACTIVATION_KEY.txt'

But it is not working. The logs shows:

[14:51:07:000] [info][plugins][ReadonlyREST][preElasticsearchProxy] Pre-Elasticsearch-proxy will listen on
[14:51:07:054] [error][plugins][ReadonlyREST][LicenseService] Cannot decrypt activation key {"_index":".readonlyrest_license","_type":"_doc","_id":"token","_version":2,"_seq_no":1,"_primary_term":1,"_ignored":["encrypted.keyword"],"found":true,"_source":{"encrypted":"XXXX"}}
[14:51:07:058] [info][plugins][ReadonlyREST][LicenseService] No Activation Key found. That's OK. Defaulting to Free license.You can add your own Activation Key later.

Thanks in advance.

Hi Gustavo!

If you try to set in kibana.yml readonlyrest_kbn.logLevel: trace you will be able to read one of these two lines in the logs:


   logger.trace(`File was empty: ${path}`);


   logger.trace(`File not found: ${path}`);

Both coming from LicenseService

@gustavo.yoshizaki were you able to chase this down with the extra log info?

Hi @sscarduzio

This is the requested log:

[11:54:23:055] [info][plugins][ReadonlyREST][preElasticsearchProxy] Pre-Elasticsearch-proxy will listen on
[11:54:23:056] [trace][plugins][ReadonlyREST][preKibanaProxy] Pre-kibana-proxy will listen on
[11:54:23:113] [info][plugins][ReadonlyREST][LicenseService] Cannot get the encrypted activation key from Kibana... Status code: 404
[11:54:23:113] [trace][plugins][ReadonlyREST][LicenseService] File not found: /usr/share/kibana/ROR_ACTIVATION_KEY.txt
[11:54:23:117] [trace][plugins][ReadonlyREST][LicenseService] ✅ Checked ES cluster_uuid in license activation key matches

It looks like the option:


Is not been used.

Thanks in advance.

What version of ROR do you have? In the current one it works all right.

Unless mistaken, I am using the version 1.46.0

OK, I got my environment to load my key using the develop version of ROR Enterprise. I added some more logs and enhancements.

I will send you this pre build, so we share the very same code (a few fixes were merged in the past weeks) as soon as it pops out from the CI (it takes around 45m).

What Kibana version is this?

Hi @sscarduzio

Sorry, I did not see your question.

We are using kibana 7.16.3


Hey, np. Here is the build for you!

Note for the future googler: this fix is available on ROR Kibana >= 1.47.0-pre3

Well, I have just got time to test it back and now it works :slight_smile:

[19:27:44:180] [info][plugins][ReadonlyREST][LicenseService] Found valid activation key in file /etc/kibana/ROR_ACTIVATION_KEY.txt:  {
  exp: CENSORED,
  iat: CENSORED,
  jti: 'CENSORED',
  sub: 'CENSORED',
  licensor: { name: 'Beshu Limited t/a ReadonlyREST Security' },
  licensee: { name: 'Avature Limited', buying_for: null },
  license: {
    cluster_uuid: '*',
    edition: 'kbn_ent',
    edition_name: 'Enterprise',
    isTrial: true

The only difference is that the file is in a different path.

1 Like