This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
Create agent key
editCreate agent key
editCreate an APM agent API key. Specify API key privileges in the request body at creation time.
The user creating an APM agent API key must have at least the manage_own_api_key
cluster privilege
and the APM application-level privileges that it wishes to grant.
The example below uses the Kibana role management API to create a role named apm_agent_key_user
.
Create and assign this role to a user that wishes to create APM agent API keys.
POST /_security/role/apm_agent_key_user { "cluster": ["manage_own_api_key"], "applications": [ { "application": "kibana-.kibana", "privileges": ["feature_apm.all"], "resources": ["*"] }, { "application": "apm", "privileges": ["event:write", "config_agent:read"], "resources": ["*"] } ] }
POST /api/apm/agent_keys
-
name
- (required, string) Name of the APM agent key.
-
privileges
-
(required, array) APM agent key privileges. It can take one or more of the following values:
-
event:write
. Required for ingesting APM agent events. -
config_agent:read
. Required for APM agents to read agent configuration remotely.
-
POST /api/apm/agent_keys { "name": "apm-key", "privileges": ["event:write", "config_agent:read"] }
{ "agentKey": { "id": "3DCLmn0B3ZMhLUa7WBG9", "name": "apm-key", "api_key": "PjGloCGOTzaZr8ilUPvkjA", "encoded": "M0RDTG1uMEIzWk1oTFVhN1dCRzk6UGpHbG9DR09UemFacjhpbFVQdmtqQQ==" } }
Once created, you can copy the API key (Base64 encoded) and use it to to authorize requests from APM agents to the APM Server.