Fleet/Elastic-Agent trusted information from certificate


With 7.14.0, Elasticsearch has started validating agent.id using the .fleet_final_pipeline-1 (see the PR), which greatly improves security.

While using Elastic-Agent to fetch information from servers, e.g. web-logs, we would like to make sure that the hostname of the web-server the agent runs on is trusted and has not been tampered with. This would allow us to confidently link events to servers without looking up the agent.id. The certificate issued to the Elastic-Agent to converse with Fleet has cn=<hostname> as the subject name, so there is a trusted source of this information (the signed certificate).

Is there a way to associate that certificate subject name with the API key given to the Elastic-Agent (in the same way the agent.id is) so the .fleet_final_pipeline-1 can check the hostname or certificate subject name as well as just the agent.id?


I don't think it is something that can be done today. What do you think about opening a GitHub issue as a feature request for this?
