Keep APM data secure
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Required role
The Editor role or higher is required to create and manage API keys. To learn more, refer to Assign user roles and privileges.
When setting up Elastic APM, it’s essential to ensure that the data collected by APM agents is sent to Elastic securely and that sensitive data is protected.
Secure communication with APM agents
Communication between APM agents and the managed intake service is both encrypted and authenticated. Requests without a valid API key will be denied.
Create a new API key
To create a new API key:
- In your Observability project, go to any Applications page.
- Click Settings.
- Select the APM agent keys tab.
- Click Create APM agent key.
- Name the key and assign privileges to it.
- Click Create APM agent key.
- Copy the key now. You will not be able to see it again. API keys do not expire.
Delete an API key
To delete an API key:
- From any of the Application pages, click Settings.
- Select the APM agent keys tab.
- Search for the API key you want to delete.
- Click the trash can icon to delete the selected API key.
View existing API keys
To view all API keys for your project:
- Expand Project settings.
- Select Management.
- Select API keys.
Data security
When setting up Elastic APM, it’s essential to review all captured data carefully to ensure it doesn’t contain sensitive information like passwords, credit card numbers, or health data.
Some APM agents offer a way to manipulate or drop APM events before they leave your services. Refer to the relevant agent’s documentation for more information and examples:
Java
include_process_args: Remove process arguments from transactions. This option is disabled by default. Read more in the Java agent configuration docs.
.NET
Filter API: Drop APM events before they are sent to Elastic. Read more in the .NET agent Filter API docs.
Node.js
- addFilter(): Drop APM events before they are sent to Elastic. Read more in the Node.js agent API docs.
- captureExceptions: Remove errors raised by the server-side process by disabling the captureExceptions configuration option. Read more in the Node.js agent configuration docs.
Python
Custom processors: Drop APM events before they are sent to Elastic. Read more in the Python agent Custom processors docs.
Ruby
add_filter(): Drop APM events before they are sent to Elastic. Read more in the Ruby agent API docs.
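The hooks above all run a function over each event before it leaves the service. As an added illustration (not code from Elastic or from this page), the Python sketch below shows the kind of logic such a function can carry: masking secret-named fields and Luhn-valid card numbers, and dropping events from a health-data route. Assumptions: the event layout (context.request.headers, body, url.pathname), the (client, event) signature with a falsy return meaning "drop", the key-name list and the /patients/ route are illustrative; confirm the exact contract in the Python agent Custom processors docs.

```python
import re

# Constructed key-name list; extend it for the fields your services capture.
SENSITIVE_KEYS = re.compile(r"password|passwd|secret|token|authorization|card", re.I)
# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
MASK = "[REDACTED]"


def luhn_ok(digits):
    """Luhn checksum, so arbitrary long IDs are not masked as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_cards(text):
    """Replace Luhn-valid card-like digit runs inside a string."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        return MASK if luhn_ok(digits) else match.group()
    return CARD_CANDIDATE.sub(repl, text)


def scrub(value, key=""):
    """Recursively redact secret-named keys and card numbers in strings."""
    if key and SENSITIVE_KEYS.search(key):
        return MASK
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return mask_cards(value)
    return value


def redact_processor(client, event):
    """Assumed processor shape: (client, event) -> event, falsy return = drop."""
    url = event.get("context", {}).get("request", {}).get("url", {})
    if str(url.get("pathname", "")).startswith("/patients/"):  # hypothetical route
        return None  # drop events from the health-data endpoint entirely
    return scrub(event)
```

Key-name matching catches fields the application labels as secret, while the Luhn check limits free-text masking to digit runs that are plausible card numbers, so order or trace IDs stay searchable.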