Hello,
im struggle to delete old enrollment tokens under: Kibana -> Fleet -> Enrollment Tokens
Neither in the ui nor via the api i'm able to delete them.
In the ui they just are flagged as inactive and via the api "api/v1/platform/configuration/security/enrollment-tokens/" i always receive a 404.
Does anybody know how i can delete the old tokens to that they are no longer visible in the ui?
Best regards
Fabian
Nobody?
Hi @FabianEidner Welcome to the Community.
As far as I can see there is no API to delete revoked enrollment tokens the Fleet API is fairly new, but it may be for a design reason that I am unaware of...
This should work.. it does for me BUT It is a Kibana API so if you want to run it from the Kibana -> Dev Tools
GET kbn:api/fleet/enrollment_api_keys
....^^^
That kbn says run the Kibana API not the default Elasticsearch Endpoint
Results
{
"list": [
{
"id": "d6f28b60-af85-467c-95ae-8c80004be22f",
"active": false,
"api_key_id": "JdcYB4UBeQ07SZYpp2KR",
"api_key": "SmRjWUI0VUJlUTA3U1pZcHAyS1I6aFVPQWJUR25TaVdET2l2R2NhcnhJdw==",
"name": "test-policy-to-delete (d6f28b60-af85-467c-95ae-8c80004be22f)",
"policy_id": "26ee3b10-f3e5-11ec-9d53-bf3420b4ec75",
"created_at": "2022-12-12T16:08:55.233Z"
},
{
"id": "b6784aa6-853a-4e72-9853-5e8a0b6328c2",
"active": true,
"api_key_id": "_Nz0coQBq24Jqo2-zNbX",
"api_key": "X056MGNvUUJxMjRKcW8yLXpOYlg6N0dna2VPY2JReWUzUU1kaEpHYVZHUQ==",
"name": "Default (b6784aa6-853a-4e72-9853-5e8a0b6328c2)",
"policy_id": "8d6a37f0-639c-11ed-a8ff-cbf0d36ff2a1",
"created_at": "2022-11-13T21:45:57.693Z"
},
....
If you run from curl / command line then you need to run the Kibana API per the docs to the Kibana Endpoint (not Elasticsearch Endpoint) see here you can use basic auth too.
curl --request GET \
--url 'https://my-kibana-host:9243/api/fleet/enrollment_api_keys' \
--header 'Authorization: ApiKey N2VLRDA0TUJIQ05MaGYydUZrN1Y6d2diMUdwSkRTWGFlSm1rSVZlc2JGQQ==' \
--header 'Content-Type: application/json' \
--header 'kbn-xsrf: true'
Hi @stephenb ,
thank you for the reply. Yes the GET is working, i did try a DELETE because i would like to delete the old tokens which are not longer usable.
Regarding the documentation: Delete enrollment token | Elastic Cloud Enterprise Reference [2.3] | Elastic
A DELETE should be possible as well, sadly i always get 404 
Best regards
Fabian
That is not the correct API ...
That is a completely separate API / Capability about adding / enrolling new Servers into Elastic Cloud Enterprise environment ... are you running Elastic Cloud Enterprise? I suspect Not, you would know if you were.
What are you running Self Managed or Elastic Cloud?
That API has nothing to do with Fleet / Agent Enrollment Tokens, similar names etc but not Fleet / Agent.
The only Fleet APIs are here:
Hi @stephenb,
ah okay maybe i did read the wrong docs. But in the docs provided by you there is a swagger documentation linked which do show a get and a delete for the enrollment api keys.
When i try to use the path provided by swagger i receive a:
{
"error": "no handler found for uri [/api/fleet/enrollment-api-keys] and method [GET]"
}
Is there a way in the ui to check which API url to use? Maybe the API url i use is wrong.
Awesome!! I did not see that so I just ran this
From Kibana - Dev Tools I just ran
DELETE kbn:api/fleet/enrollment_api_keys/d6f28b60-af85-467c-95ae-8c80004be22f
And it Worked,
{
"action": "deleted"
}
So Today I Learned from You!
So that API IS Valid and does work...
So the DELETE Curl would be something like
curl --request DELETE \
--url 'https://my-kibana-host:9243/api/fleet/enrollment_api_keys/d6f28b60-af85-467c-95ae-8c80004be22f' \
--header 'Authorization: ApiKey N2VLRDA0TUJIQ05MaGYydUZrN1Y6d2diMUdwSkRTWGFlSm1rSVZlc2JGQQ==' \
--header 'Content-Type: application/json' \
--header 'kbn-xsrf: true'
Show me EXACTLY how you are running the command... from what tool? from Kibana? From Curl, From some other tool ... the APIs work ... you just showed me 
I tested Postman it worked too!
Hi @stephenb,
yes this is working for me as well in the Dev Tools, thank you very much.
I only need to figure out why it won't work via postman
I bet i have the wrong url but i will figure it out!
Thank you very much!
Make sure you set those AND you are pointing to Kibana not Elasticsearch
Kibana APIs must point to Kibana : The Kibana endpoint is whatever you have our Browser pointed to for Kibana.
All the Elasticsearch APIs point to Elasticsearch... that is a common problem.
Hi @stephenb ,
i did tried it now multiple times, the response says "deleted" but is it still visible in the ui
It is also strange that when i execute the query multiple times for the same keyid it always returns with "deleted" 200
Looks broken to me
So the call can be executed in the DEV Tools but it does not do anything sadly.
But still thanks a lot for the help.
I think i will open a bug ticket.
Yup I see the same thing... I learned more
Yes Open a ticket BUT... I suspect support is going to tell you this about the API
Kibana Fleet APIs
This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
But I would submit it anyways so it shows up as a Bug.
And only Revoke is supported in the UI today not delete so that is supported, I suspect the Delete will come in the future...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.