[DOCS] Add 'secrets' to Fleet settings page (#172637)

This updates the list of available Fleet settings in the Kibana docs, as follows: - Moves the `config` and `proxy_id` settings from the Required to the Optional section of `xpack.fleet.outputs`. CC @nchaulet since the settings were added to the docs via #158771). [See orange highlight] - Adds the `ssl` setting with the `certificate` property (this setting is already available but doesn't appear to have been documented). [See red highlight] - Adds the new `secrets` setting, with SSL `key` as a property. [See blue highlight] - Adds an example output configuration. [See green highlight] Rel: elastic/ingest-docs#692 See [docs preview](https://kibana_172637.docs-preview.app.elstc.co/guide/en/kibana/master/fleet-settings-kb.html) --- ![Screenshot 2023-12-05 at 4 22 42 PM](https://github.com/elastic/kibana/assets/41695641/a547bad7-57aa-4470-8328-30b80f257973) (cherry picked from commit c7fabda)
elastic · Dec 14, 2023 · 5cc4aa2 · 5cc4aa2
1 parent 477132e
commit 5cc4aa2
Showing 1 changed file with 46 additions and 6 deletions.
diff --git a/docs/settings/fleet-settings.asciidoc b/docs/settings/fleet-settings.asciidoc
@@ -13,7 +13,10 @@ In {ecloud}, {fleet} flags are already configured.
 You can configure `xpack.fleet` settings in your `kibana.yml`.
 By default, {fleet} is enabled. To use {fleet}, you also need to configure {kib} and {es} hosts.
 
-See the {fleet-guide}/index.html[{fleet}] docs for more information.
+Many {fleet} settings can also be configured directly through the {fleet} UI.
+See {fleet-guide}/fleet-settings.html[Fleet UI settings] for details.
+
+See the {fleet-guide}/index.html[{fleet}] docs for more information about {fleet}.
 
 [[general-fleet-settings-kb]]
 ==== General {fleet} settings
@@ -174,6 +177,8 @@ xpack.fleet.agentPolicies:
 `xpack.fleet.outputs`::
 List of outputs that are configured when the {fleet} app starts.
 +
+Certain types of outputs have additional required and optional settings. Refer to {fleet-guide}/fleet-settings.html#output-settings[Output settings] in the {fleet} and {agent} Guide for the full list of settings for each output type.
++
 If configured in your `kibana.yml`, output settings are grayed out and
 unavailable in the {fleet} UI. To make these settings editable in the UI, do not
 configure them in the configuration file. 
@@ -188,13 +193,9 @@ NOTE: The `xpack.fleet.outputs` settings are intended for advanced configuration
   `name`::: 
     Output name.
   `type`::: 
-    Type of Output. Currently we support "elasticsearch", "logstash", "kafka".
+    Type of Output. Currently we support "elasticsearch", "logstash", "kafka", and "remote_elasticsearch".
   `hosts`::: 
     Array that contains the list of host for that output.
-  `config`::: 
-    Extra config for that output.
-  `proxy_id`:::
-    Unique ID of a proxy to access the output.
 =====
 +
 .Optional properties of `xpack.fleet.outputs`
@@ -204,7 +205,46 @@ NOTE: The `xpack.fleet.outputs` settings are intended for advanced configuration
     If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent data unless there is another one configured specifically for the agent policy.
   `is_default_monitoring`::: 
     If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent monitoring data unless there is another one configured specifically for the agent policy.
+  `config`::: 
+    Extra config for that output.
+  `proxy_id`:::
+    Unique ID of a proxy to access the output.
+  `ssl`:::
+    Set to enable authentication using the Secure Sockets Layer (SSL) protocol.
++
+.Properties of `ssl`
+[%collapsible%open]
+=======
+  `certificate`:::: 
+    The SSL certificate that {agents} use to authenticate with the output. Include the full contents of the certificate here.
+=======
+
+  `secrets`::: 
+    Include here any values for preconfigured outputs that should be stored as secrets. A secret value is replaced in the `kibana.yml` settings file with a reference, with the original value stored externally as a secure hash. Note that this type of secret storage requires all configured {fleet-server}s to be on version 8.12.0 or later.
++
+.Properties of `secrets`
+[%collapsible%open]
+=======
+  `key`:::::
+    The private certificate key that {agents} use to authenticate with the output.
+=======
 =====
++
+Example `xpack.fleet.outputs` configuration:
++
+[source,yaml]
+----
+xpack.fleet.outputs:
+  - id: my-logstash-output-with-a-secret
+    name: preconfigured logstash output with a secret
+    type:  logstash
+    hosts: ["localhost:9999"]
+    ssl:
+      certificate: xxxxxxxxxx
+    secrets:
+      ssl:
+        key: securekey
+----
 
 `xpack.fleet.fleetServerHosts`::
 List of {fleet-server} hosts that are configured when the {fleet} app starts.