Clear service account token caches API

edit

Clear service account token caches API

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Evicts a subset of all entries from the service account token caches.

Request

edit

POST /_security/service/{namespace}/{service}/credential/token/{token_name}/_clear_cache

Prerequisites

edit

Description

edit

Two, separate caches exist for service account tokens: one cache for tokens backed by the service_tokens file, and another for tokens backed by the .security index. This API clears matching entries from both caches.

The cache for service account tokens backed by the .security index is cleared automatically on state changes of the security index. The cache for tokens backed by the service_tokens file is cleared automatically on file changes.

See Service accounts for more information.

Path parameters

edit
namespace
(Required, string) Name of the namespace.
service
(Required, string) Name of the service name.
token_name
(Required, string) Comma-separated list of token names to evict from the service account token caches. Use a wildcard (*) to evict all tokens that belong to a service account. Does not support other wildcard patterns.

Examples

edit

The following request clears the service account token cache for the token1 token:

POST /_security/service/elastic/fleet-server/credential/token/token1/_clear_cache

Specify multiple token names as a comma-separated list:

POST /_security/service/elastic/fleet-server/credential/token/token1,token2/_clear_cache

To clear all entries from the service account token caches, use a wildcard (*) in place of token names:

POST /_security/service/elastic/fleet-server/credential/token/*/_clear_cache