Clear service account token caches API
editClear service account token caches API
editThis functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Evicts a subset of all entries from the service account token caches.
Request
editPOST /_security/service/{namespace}/{service}/credential/token/{token_name}/_clear_cache
Prerequisites
edit-
To use this API, you must have at least the
manage_security
cluster privilege.
Description
editTwo, separate caches exist for service account tokens: one cache for tokens
backed by the service_tokens
file, and another for tokens backed by the
.security
index. This API clears matching entries from both caches.
The cache for service account tokens backed by the .security
index is cleared
automatically on state changes of the security index. The cache for tokens
backed by the service_tokens
file is cleared automatically on file changes.
See Service accounts for more information.
Path parameters
edit-
namespace
- (Required, string) Name of the namespace.
-
service
- (Required, string) Name of the service name.
-
token_name
-
(Required, string) Comma-separated list of token names to evict from the
service account token caches. Use a wildcard (
*
) to evict all tokens that belong to a service account. Does not support other wildcard patterns.
Examples
editThe following request clears the service account token cache for the token1
token:
POST /_security/service/elastic/fleet-server/credential/token/token1/_clear_cache
Specify multiple token names as a comma-separated list:
POST /_security/service/elastic/fleet-server/credential/token/token1,token2/_clear_cache
To clear all entries from the service account token caches, use a wildcard
(*
) in place of token names:
POST /_security/service/elastic/fleet-server/credential/token/*/_clear_cache