Get service account credentials | Elasticsearch API documentation

Get service account credentials Added in 7.13.0

GET /_security/service/{namespace}/{service}/credential

To use this API, you must have at least the read_security cluster privilege (or a greater privilege such as manage_service_account or manage_security).

The response includes service account tokens that were created with the create service account tokens API as well as file-backed tokens from all nodes of the cluster.

NOTE: For tokens backed by the service_tokens file, the API collects them from all nodes of the cluster. Tokens with the same name from different nodes are assumed to be the same token and are only counted once towards the total number of service tokens.

External documentation

Path parameters

namespace string Required

The name of the namespace.
service string Required

The service name.

Responses

200 application/json
Hide response attributes Show response attributes object
- service_account string Required
- count number Required
- tokens object Required
  
  Hide tokens attribute Show tokens attribute object
  
  * object
  
  Hide * attribute Show * attribute object
  
  * object Additional properties
- nodes_credentials object Required
  
  Hide nodes_credentials attributes Show nodes_credentials attributes object
  
  _nodes object Required
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
  
  file_tokens object Required
  
  File-backed tokens collected from all nodes
  
  Hide file_tokens attribute Show file_tokens attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  nodes array[string] Required

GET /_security/service/{namespace}/{service}/credential

curl \
 --request GET 'http://api.example.com/_security/service/{namespace}/{service}/credential' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_security/service/elastic/fleet-server/credential`. The response contains all credentials for the `elastic/fleet-server` service account.

{
  "service_account": "elastic/fleet-server",
  "count": 3,
  "tokens": {
    "token1": {},        
    "token42": {}        
  },
  "nodes_credentials": { 
    "_nodes": {          
      "total": 3,
      "successful": 3,
      "failed": 0
    },
    "file_tokens": {      
      "my-token": {
        "nodes": [ "node0", "node1" ] 
      }
    }
  }
}