Authentication in elastic agent

Hi,
I am trying to understand how the authentication is handled in elastic agent for Elasticsearch. just like we have multiple options to configure beats to send data to Elasticsearch by giving api_key, id/pass or certificate so which option does the fleet server configure and which option is more secure?

With fleet-server and managed mode, the only option is API Keys as these will be generated for you automatically. In the case of standalone elastic agent it is up to you on what to use.

@ruflin even if I use production based and provide certificates, will fleet still use API_key based authentication? if yes, isn't this API_key based authentication less secure then certificate based authentication?