Grant privileges and roles needed for API key management
editGrant privileges and roles needed for API key management
editThis documentation refers to configuring the standalone (legacy) APM Server. This method of running APM Server will be deprecated and removed in a future release. Please consider upgrading to Fleet and the APM integration.
You can configure API keys to authorize requests to APM Server. To create an APM Server user with the required privileges for creating and managing API keys:
-
Create an API key role, called something like
apm_api_key
, that has the followingcluster
level privileges:Privilege Purpose manage_own_api_key
Allow APM Server to create, retrieve, and invalidate API keys
-
Depending on what the API key role will be used for, also assign the appropriate
apm
application-level privileges:-
To receive Agent configuration, assign
config_agent:read
. -
To ingest agent data, assign
event:write
. -
To upload sourcemaps, assign
sourcemap:write
.
-
To receive Agent configuration, assign
- Assign the API key role role to users that need to create and manage API keys. Users with this role can only create API keys that have the same or lower access rights.
Example API key role
editThe following example assigns the required cluster privileges,
and the ingest agent data apm
API key application privileges to a role named apm_api_key
: