IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Grant privileges and roles needed for API key management
editGrant privileges and roles needed for API key management
editYou can configure API keys to authorize requests to APM Server. To create an APM Server user with the required privileges for creating and managing API keys:
-
Create an API key role, called something like
apm_api_key, that has the followingclusterlevel privileges:Privilege Purpose manage_own_api_keyAllow APM Server to create, retrieve, and invalidate API keys
-
Depending on what the API key role will be used for, also assign the appropriate
apmapplication-level privileges:-
To receive Agent configuration, assign
config_agent:read. -
To ingest agent data, assign
event:write. -
To upload source maps, assign
sourcemap:write.
-
To receive Agent configuration, assign
- Assign the API key role to users that need to create and manage API keys. Users with this role can only create API keys that have the same or lower access rights.
Example API key role
editThe following example assigns the required cluster privileges,
and the ingest agent data apm API key application privileges to a role named apm_api_key: