- Elastic Cloud Serverless
- Elasticsearch
- Elastic Observability
- Get started
- Observability overview
- Elastic Observability Serverless billing dimensions
- Create an Observability project
- Quickstart: Monitor hosts with Elastic Agent
- Quickstart: Monitor your Kubernetes cluster with Elastic Agent
- Quickstart: Monitor hosts with OpenTelemetry
- Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
- Quickstart: Collect data with AWS Firehose
- Get started with dashboards
- Applications and services
- Application performance monitoring (APM)
- Get started with traces and APM
- Learn about data types
- Collect application data
- View and analyze data
- Act on data
- Use APM securely
- Reduce storage
- Managed intake service event API
- Troubleshooting
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure a Synthetics project
- Multifactor Authentication for browser monitors
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Scale and architect a deployment
- Synthetics Encryption and Security
- Troubleshooting
- Application performance monitoring (APM)
- Infrastructure and hosts
- Logs
- Inventory
- Incident management
- Data set quality
- Observability AI Assistant
- Machine learning
- Reference
- Get started
- Elastic Security
- Elastic Security overview
- Security billing dimensions
- Create a Security project
- Elastic Security requirements
- Elastic Security UI
- AI for Security
- Ingest data
- Configure endpoint protection with Elastic Defend
- Manage Elastic Defend
- Endpoints
- Policies
- Trusted applications
- Event filters
- Host isolation exceptions
- Blocklist
- Optimize Elastic Defend
- Event capture and Elastic Defend
- Endpoint protection rules
- Identify antivirus software on your hosts
- Allowlist Elastic Endpoint in third-party antivirus apps
- Elastic Endpoint self-protection features
- Elastic Endpoint command reference
- Endpoint response actions
- Cloud Security
- Explore your data
- Dashboards
- Detection engine overview
- Rules
- Alerts
- Advanced Entity Analytics
- Investigation tools
- Asset management
- Manage settings
- Troubleshooting
- Manage your project
- Changelog
Use APM securely
editUse APM securely
editRequired role
The Editor role or higher is required to create and manage API keys. To learn more, refer to Assign user roles and privileges.
When setting up Elastic APM, it’s essential to ensure that the data collected by APM agents is sent to Elastic securely and that sensitive data is protected.
Secure communication with APM agents
editCommunication between APM agents and the managed intake service is both encrypted and authenticated. Requests without a valid API key will be denied.
Create a new API key
editTo create a new API key:
- In your Elastic Observability Serverless project, go to any Applications page.
- Click Settings.
- Select the APM agent keys tab.
- Click Create APM agent key.
- Name the key and assign privileges to it.
- Click Create APM agent key.
- Copy the key now. You will not be able to see it again. API keys do not expire.
Delete an API key
editTo delete an API key:
- From any of the Application pages, click Settings.
- Select the APM agent keys tab.
- Search for the API key you want to delete.
- Click the trash can icon to delete the selected API key.
View existing API keys
editTo view all API keys for your project:
- Expand Project settings.
- Select Management.
- Select API keys.
Data security
editWhen setting up Elastic APM, it’s essential to review all captured data carefully to ensure it doesn’t contain sensitive information like passwords, credit card numbers, or health data.
Some APM agents offer a way to manipulate or drop APM events before they leave your services. Refer to the relevant agent’s documentation for more information and examples:
Java
editinclude_process_args: Remove process arguments from transactions. This option is disabled by default. Read more in the Java agent configuration docs.
.NET
editFilter API: Drop APM events before they are sent to Elastic. Read more in the .NET agent Filter API docs.
Node.js
edit-
addFilter(): Drop APM events before they are sent to Elastic. Read more in the Node.js agent API docs. -
captureExceptions: Remove errors raised by the server-side process by disabling thecaptureExceptionsconfiguration option. Read more in the Node.js agent configuration docs.
Python
editCustom processors: Drop APM events before they are sent to Elastic. Read more in the Python agent Custom processors docs.
Ruby
editadd_filter(): Drop APM events before they are sent to Elastic. Read more in the Ruby agent API docs.
On this page