API Key delete by mistake in stack Management

Hi ,
I have by mistake deleted API keys (while doing some manipulations following a test to add a Linux server on the SIEM).
I would like to know if it is possible to restore his keys?
I have Veeam backups .
I would like to know where his keys are stored and wich agent restore ?
there is no key history?

Thanks in advance

You would need to restore the security index from a recent snapshot, but you can't do that from a Veeam backup. From the docs:

Taking a snapshot is the only reliable and supported way to back up a cluster. You cannot back up an Elasticsearch cluster by making copies of the data directories of its nodes. There are no supported methods to restore any data from a filesystem-level backup. If you try to restore a cluster from such a backup, it may fail with reports of corruption or missing files or other data inconsistencies, or it may appear to have succeeded having silently lost some of your data.

thank you for answering me if I don't have snapshots included in my Elasticsearch it won't be possible for me to recover them? is that what you are telling me?

Yes, if you do not have snapshots of your security index you will not able to recover the deleted key.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.