Secret token
Secret tokens are sent as plain-text, so they only provide security when used in combination with TLS.
When defined, secret tokens are used to authorize requests to the APM Server. Both the APM agent and APM Server must be configured with the same secret token for the request to be accepted.
To secure the communication between APM agents and the APM Server with a secret token:
- Make sure TLS is enabled
- Create a secret token
- Configure the secret token in your APM agents
Secret tokens are not applicable for the RUM Agent, as there is no way to prevent them from being publicly exposed.
Create a secret token
Elasticsearch Service and Elastic Cloud Enterprise deployments provision a secret token when the deployment is created. The secret token can be found and reset in the Elastic Cloud console under Deployments — APM & Fleet.
Create or update a secret token in Fleet.
Configure and customize Fleet-managed APM settings directly in Kibana:
- In Kibana, find Fleet in the main menu or use the global search field.
- Under the Agent policies tab, select the policy you would like to configure.
- Find the Elastic APM integration and select Actions > Edit integration.
- Navigate to Agent authorization > Secret token and set the value of your token.
- Click Save integration. The APM Server will restart before the change takes effect.
Set the secret token in apm-server.yaml:
apm-server.auth.secret_token: <secret-token>
Configure the secret token in your APM agents
Each Elastic APM agent has a configuration option to set the value of the secret token:
- Android agent: secretToken
- Go agent: ELASTIC_APM_SECRET_TOKEN
- iOS agent: secretToken
- Java agent: secret_token
- .NET agent: ELASTIC_APM_SECRET_TOKEN
- Node.js agent: Secret Token
- PHP agent: secret_token
- Python agent: secret_token
- Ruby agent: secret_token
In addition to setting the secret token, ensure the configured server URL uses HTTPS instead of HTTP:
- Go agent: ELASTIC_APM_SERVER_URL
- Java agent: server_urls
- .NET agent: ServerUrl
- Node.js agent: serverUrl
- PHP agent: server_url
- Python agent: server_url
- Ruby agent: server_url
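A pre-deployment check for the two settings above, as an added example that is not part of the Elastic documentation: it reads the Go agent's ELASTIC_APM_SECRET_TOKEN and ELASTIC_APM_SERVER_URL variables and reports when a token is missing, still a template placeholder, or would travel over plain HTTP. The function name `audit_apm_env`, the comma-separated URL handling, and the sample host names in the usage are assumptions made for this example.

```python
import os
from urllib.parse import urlsplit

TOKEN_VAR = "ELASTIC_APM_SECRET_TOKEN"  # Go agent option named on this page
URL_VAR = "ELASTIC_APM_SERVER_URL"      # Go agent option named on this page


def audit_apm_env(env):
    """Return a list of findings for an agent environment (hypothetical helper).

    An empty list means a token is set and every server URL uses HTTPS.
    """
    findings = []
    token = env.get(TOKEN_VAR, "").strip()
    raw_urls = env.get(URL_VAR, "").strip()

    if not token:
        findings.append(f"{TOKEN_VAR} is not set")
    elif token.startswith("<") and token.endswith(">"):
        # Catches a template value such as <secret-token> left unreplaced.
        findings.append(f"{TOKEN_VAR} still holds a placeholder")

    if not raw_urls:
        findings.append(f"{URL_VAR} is not set; cannot confirm HTTPS")
        return findings

    # Assumption: several URLs may be supplied as a comma-separated list.
    for url in (u.strip() for u in raw_urls.split(",") if u.strip()):
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            detail = "token would be sent in plain text" if token else "no TLS"
            findings.append(f"{url}: scheme is not https ({detail})")
        elif not parts.hostname:
            findings.append(f"{url}: no host in server URL")
    return findings


if __name__ == "__main__":
    # Audit the current process environment; exit non-zero on any finding.
    problems = audit_apm_env(dict(os.environ))
    for line in problems:
        print(line)
    raise SystemExit(1 if problems else 0)
```

Run it in the same environment the agent starts in, for example as a container entrypoint step or a CI job, so the check sees the values the agent will actually use.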