IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« API keys Anonymous authentication »
Elastic Docs Elastic Observability [8.13] Application performance monitoring (APM) Secure communication with the Elastic Stack Secure communication with APM agents

Secret token

edit

Secret token

edit

Secret tokens are sent as plain-text, so they only provide security when used in combination with TLS.

When defined, secret tokens are used to authorize requests to the APM Server. Both the APM agent and APM Server must be configured with the same secret token for the request to be accepted.

To secure the communication between APM agents and the APM Server with a secret token:

  1. Make sure TLS is enabled
  2. Create a secret token
  3. Configure the secret token in your APM agents

Secret tokens are not applicable for the RUM Agent, as there is no way to prevent them from being publicly exposed.

Create a secret token
edit

Elasticsearch Service and Elastic Cloud Enterprise deployments provision a secret token when the deployment is created. The secret token can be found and reset in the Elastic Cloud console under Deployments — APM & Fleet.

Create or update a secret token in Fleet.

Configure and customize Fleet-managed APM settings directly in Kibana:

  1. Open Kibana and navigate to Fleet.
  2. Under the Agent policies tab, select the policy you would like to configure.
  3. Find the Elastic APM integration and select Actions > Edit integration.
  4. Navigate to Agent authorization > Secret token and set the value of your token.
  5. Click Save integration. The APM Server will restart before the change takes effect.
Configure the secret token in your APM agents
edit

Each Elastic APM agent has a configuration option to set the value of the secret token:

In addition to setting the secret token, ensure the configured server URL uses HTTPS instead of HTTP:

« API keys Anonymous authentication »