- Legacy APM Server Reference:
- Overview
- Get started
- Set up
- How-to guides
- Configure
- Secure
- Monitor
- API
- Explore data in Elasticsearch
- Exported fields
- General APM fields
- APM Error fields
- APM Profile fields
- APM Sourcemap fields
- APM Span fields
- APM Span Metrics fields
- APM Transaction fields
- APM Transaction Metrics fields
- APM Transaction Metrics fields
- Beat fields
- Cloud provider metadata fields
- Docker fields
- ECS fields
- Host fields
- Kubernetes fields
- Process fields
- System Metrics fields
- Troubleshoot
- Upgrade
- Release notes
- APM Server version 7.10
- APM Server version 7.9
- APM Server version 7.8
- APM Server version 7.7
- APM Server version 7.6
- APM Server version 7.5
- APM Server version 7.4
- APM Server version 7.3
- APM Server version 7.2
- APM Server version 7.1
- APM Server version 7.0
- APM Server version 6.8
- APM Server version 6.7
- APM Server version 6.6
- APM Server version 6.5
- APM Server version 6.4
- APM Server version 6.3
- APM Server version 6.2
- APM Server version 6.1
Secure communication with APM Agentsedit
Communication between APM agents and APM Server can be both encrypted and authenticated. Encryption is achievable through SSL/TLS communication.
Authentication can be achieved in two main ways:
Both options can be enabled at the same time, allowing Elastic APM agents to chose whichever mechanism they support. In addition, since both mechanisms involve sending a secret as plain text, they should be used in combination with SSL/TLS encryption.
As soon as an authenticated communication is enabled, requests without a valid token or API key will be denied by APM Server. As RUM endpoints cannot be secured through these mechanisms, they are exempt from this rule.
In addition, there is a less straightforward and more restrictive way to authenticate clients through SSL/TLS client authentication, which is currently a mainstream option only for the RUM agent (through the browser) and the Jaeger agent.