I'm on Elastic Cloud 8.9.1 using the Kibana Fleet APIs to pull agent information. In trying to figure out the minimum permissions needed for /api/fleet/agents, I have created a user account with a custom role with permissions:
- Elasticsearch - none
- Kibana - All Spaces: Fleet - All, Integrations - Read
Submitting requests to [my_kibana_endpoint]/api/fleet/agents using that account is returning correct results. I am wondering if it is possible to create an API key with those same minimum permissions rather than user:password authentication for scripting.
Examples at Kibana Fleet APIs | Fleet and Elastic Agent Guide [8.10] | Elastic show using an API Key in the sample requests. However, with role descriptors for API keys I'm unsure how to specify Kibana only permissions but maybe that's not possible? Can someone point me in the right direction?