Apikeys and elastic cloud

Hi all.
We use elastic cloud 7.12. We have also metricbeat and filebeat running on node and k8s cluster and for their configurations I use cloud.id and cloud.auth has ta user (beats_setup) with those privileges.
Now I'd like to change the cloud.auth with the apikeys.
How can I do that?
Should I create an apikey for the beats_setup user then simply replace cloud.auth the the apikeys entry?
Is that correct?
Cheers

There should be some steps here that should be straight forward to follow, let me know if its working out :slight_smile:

There is an example API call you can run from the kibana dev tools console to create the API key, instead of creating the key for the user, you are creating it for the role.

After that, as in the documentation, you can use the api_key instead of your cloud.id and cloud.auth:

    output.elasticsearch:
      api_key: TiNAGG4BaaMdaH1tRfuU:KnR6yE41RrSowb0kQ0HWoA

though you would still need to specify the hostname, in the cloud UI you can click on the specific cluster you want to connect to, and choose "Copy Endpoint" for Elasticsearch to get the endpoint if you want to.

Thanks heaps Marius.
I will give it a try but do you think I can still use cloud.id and then under output.elasticsearch the apikeys?
I find cloud.id a bit more secure then the hosts, which is the endpoint for elastic!

Cheers

I don't remember that out of my head unfortunately, in the documentation it states that:

cloud.id overwrites output.elasticsearch.hosts
cloud.auth overwrites output.elasticsearch.username and password

It does not say that you have to use both at the same time, but I honestly did not test that, as I usually use one or the other, so give it a try.

If using cloud.id + api key does not work, and you do not feel its secure to hardcode the ES endpoint, you could always store the elasticsearch endpoint in a environment variable, and use the environment variable in the config, similar to how its often done with passwords and api_keys as well.

Hope this helps! :slight_smile:

Ok thanks. I ve been using clou.id and cloud.auth for a while now but I was wondering if I can user cloud.id and then elasticsearch.host with apikey.

Do you think I can use only apikeys without cloud.id and cloud.auth?

Cheers

That won't be possible unfortunately, but you could try to use cloud.id and apikey, or you will have to use apikey and hosts.
The API key does not include the destination in any way, so it will have to get the host from either cloud.id or elasticsearch.host, though I have yet to try to use cloud.id without cloud.auth, so you would have to just give it a try :slight_smile:

For example:

cloud.id: CLOUDID
output.elasticsearch.api_key: APIKEY

perfect. Thanks
I will give it a try soon and let you know

Cheers

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.