Keep APM data secure

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Required role

The Editor role or higher is required to create and manage API keys. To learn more, refer to Assign user roles and privileges.

When setting up Elastic APM, it’s essential to ensure that the data collected by APM agents is sent to Elastic securely and that sensitive data is protected.

Secure communication with APM agents

edit

Communication between APM agents and the managed intake service is both encrypted and authenticated. Requests without a valid API key will be denied.

Create a new API key

edit

To create a new API key:

In your Observability project, go to any Applications page.
Click Settings.
Select the APM agent keys tab.
Click Create APM agent key.
Name the key and assign privileges to it.
Click Create APM agent key.
Copy the key now. You will not be able to see it again. API keys do not expire.

Delete an API key

edit

To delete an API key:

From any of the Application pages, click Settings.
Select the APM agent keys tab.
Search for the API key you want to delete.
Click the trash can icon to delete the selected API key.

View existing API keys

edit

To view all API keys for your project:

Expand Project settings.
Select Management.
Select API keys.

Data security

edit

When setting up Elastic APM, it’s essential to review all captured data carefully to ensure it doesn’t contain sensitive information like passwords, credit card numbers, or health data.

Some APM agents offer a way to manipulate or drop APM events before they leave your services. Refer to the relevant agent’s documentation for more information and examples:

Java

edit

include_process_args: Remove process arguments from transactions. This option is disabled by default. Read more in the Java agent configuration docs.

.NET

edit

Filter API: Drop APM events before they are sent to Elastic. Read more in the .NET agent Filter API docs.

Node.js

edit

addFilter(): Drop APM events before they are sent to Elastic. Read more in the Node.js agent API docs.
captureExceptions: Remove errors raised by the server-side process by disabling the captureExceptions configuration option. Read more in the Node.js agent configuration docs.

Python

edit

Custom processors: Drop APM events before they are sent to Elastic. Read more in the Python agent Custom processors docs.

Ruby

edit

add_filter(): Drop APM events before they are sent to Elastic. Read more in the Ruby agent API docs.

« Stacktrace collection Troubleshooting »