Secret tokenedit
Secret tokens are sent as plain-text, so they only provide security when used in combination with TLS.
Define a secret token in the APM integration settings. When defined, secret tokens are used to authorize requests to the APM Server. Both the APM agent and APM integration must be configured with the same secret token for the request to be accepted.
To secure the communication between APM agents and the APM Server with a secret token:
- Make sure TLS is enabled
- Create a secret token
- Configure the secret token in your APM agents
Secret tokens are not applicable for the RUM Agent, as there is no way to prevent them from being publicly exposed.
Create a secret tokenedit
Define a secret token in the APM integration settings. Alternatively, Elasticsearch Service and Elastic Cloud Enterprise deployments provision a secret token when the deployment is created. The secret token can be found and reset in the Elastic Cloud console under Deployments — APM & Fleet.
Configure the secret token in your APM agentsedit
Each Elastic APM agent has a configuration option to set the value of the secret token:
-
Go agent:
ELASTIC_APM_SECRET_TOKEN
-
iOS agent:
secretToken
-
Java agent:
secret_token
-
.NET agent:
ELASTIC_APM_SECRET_TOKEN
-
Node.js agent:
Secret Token
-
PHP agent:
secret_token
-
Python agent:
secret_token
-
Ruby agent:
secret_token
In addition to setting the secret token, ensure the configured server URL uses HTTPS
instead of HTTP
:
-
Go agent:
ELASTIC_APM_SERVER_URL
-
Java agent:
server_urls
-
.NET agent:
ServerUrl
-
Node.js agent:
serverUrl
-
PHP agent:
server_url
-
Python agent:
server_url
-
Ruby agent:
server_url