- Legacy APM Server Reference:
- Overview
- Getting Started With APM Server
- Setting up APM Server
- Upgrading APM Server
- Configuring APM Server
- General configuration options
- Configure the output
- Parse data using ingest node pipelines
- SSL/TLS settings
- Load the Elasticsearch index template
- Index lifecycle management (ILM)
- Configure logging
- Configure the Kibana endpoint
- Set up Real User Monitoring (RUM) support
- Use environment variables in the configuration
- Configure project paths
- Securing APM Server
- Monitoring APM Server
- Real User Monitoring (RUM)
- Tune Data Ingestion
- Storage Management
- Intake API
- Exploring data in Elasticsearch
- Exported fields
- Troubleshooting
- Release notes
Configure authentication credentialsedit
When sending data to a secured cluster through the elasticsearch
output, APM Server must either provide basic authentication credentials
or present a client certificate.
Before you begin: Grant users access to secured resources.
You specify authentication credentials in the APM Server configuration file:
-
To use basic authentication, specify the
username
andpassword
settings underoutput.elasticsearch
. For example:Let’s assume this user has the privileges required to publish events to Elasticsearch.
The example shows a hard-coded password, but you should store sensitive values in the secrets keystore.
-
To use Public Key Infrastructure (PKI) certificates to authenticate users, configure the
certificate
andkey
settings. These settings assume that the distinguished name (DN) in the certificate is mapped to the appropriate roles in therole_mapping.yml
file on each node in the Elasticsearch cluster. For more information, see Using Role Mapping Files.output.elasticsearch: hosts: ["localhost:9200"] ssl.certificate: "/etc/pki/client/cert.pem" ssl.key: "/etc/pki/client/cert.key"
To learn more about Elastic Stack security features and other types of authentication, see Securing the Elastic Stack.