Get service account credentials API
editGet service account credentials API
editRetrieves all service credentials for a service account.
Request
editGET /_security/service/<namespace>/<service>/credential
Prerequisites
edit-
To use this API, you must have at least the
read_security
cluster privilege (or a greater privilege such asmanage_service_account
ormanage_security
).
Description
editUse this API to retrieve a list of credentials for a service account. The response includes service account tokens that were created with the create service account tokens API as well as file-backed tokens from all nodes of the cluster.
For tokens backed by the service_tokens
file, the API collects
them from all nodes of the cluster. Tokens with the same name from
different nodes are assumed to be the same token and are only counted once
towards the total number of service tokens.
Path parameters
edit-
namespace
- (Required, string) Name of the namespace.
-
service
- (Required, string) Name of the service name.
Examples
editThe following request uses the create service account token API to create a service account token named token1
in the elastic/fleet-server
service account:
resp = client.security.create_service_token( namespace="elastic", service="fleet-server", name="token1", ) print(resp)
const response = await client.security.createServiceToken({ namespace: "elastic", service: "fleet-server", name: "token1", }); console.log(response);
POST /_security/service/elastic/fleet-server/credential/token/token1
The following request returns all credentials for the elastic/fleet-server
service account:
resp = client.security.get_service_credentials( namespace="elastic", service="fleet-server", ) print(resp)
const response = await client.security.getServiceCredentials({ namespace: "elastic", service: "fleet-server", }); console.log(response);
GET /_security/service/elastic/fleet-server/credential
The response includes all credentials related to the specified service account:
{ "service_account": "elastic/fleet-server", "count": 3, "tokens": { "token1": {}, "token42": {} }, "nodes_credentials": { "_nodes": { "total": 3, "successful": 3, "failed": 0 }, "file_tokens": { "my-token": { "nodes": [ "node0", "node1" ] } } } }
A new service account token backed by the |
|
An existing service account token backed by the |
|
This section contains service account credentials collected from all nodes of the cluster |
|
General status showing how nodes respond to the above collection request |
|
File-backed tokens collected from all nodes |
|
List of nodes that (file-backed) |