How to delete revoked Fleet enrolment tokens

djkprojects · January 26, 2023, 1:11pm

Hi,

Is there a way to delete revoked Fleet enrolment tokens?

Thank you

stephenb · January 27, 2023, 12:19am

Hi @djkprojects Perhaps Read this...

Cristina_Amico · January 30, 2023, 10:32am

Hi @dkprojects,

Currently the delete enrollment tokens endpoints only allows to invalidate them, not to delete. It basically works as a soft delete.

What's your use case for deleting them?

Thanks,
Cristina

djkprojects · January 30, 2023, 10:45am

Hi,

The reason for deleting is simple. We have too many tokens that are not being used and they are cluttering the list making it hard to manage.

Thanks

Cristina_Amico · January 30, 2023, 11:11am

If you need a way to delete the inactive enrollment keys, you can use this workaround. First create a user with the system_indices superuser role, e.g.

Then, via Kibana dev tools in a session for the user with the above role, run the following delete_by_query operation

POST .fleet-enrollment-api-keys/_delete_by_query
{
  "query": {
    "match": { 
      "active": false
    }
  }
}

You could also simply filter the inactive enrollment keys out in the UI by adding active: false to the KQL search bar on the enrollment keys page.

--

Thanks,
Cristina

system · February 27, 2023, 11:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Enrollment Token deletion Elastic Agent fleet	11	1206	January 9, 2023
[SOLVED] Can not delete fleet enrollement tokens Elastic Search	0	13	October 28, 2024
Is it possible to remove unenrolled Agents from Fleet? Kibana fleet	2	849	November 15, 2023
Fleet: Unable to decrypt attribute "fleet_enroll_username" Kibana fleet	5	407	June 1, 2021
Elastic Agent Unenrollment Endpoint Security fleet	3	568	April 29, 2021

How to delete revoked Fleet enrolment tokens

Related topics