Invalidated / Expired API Keys not being cleaned up

Hi

Our use case requires us to utilise short(ish) lived API Keys. After reading the documentation I was under the impression that expired / invalidated API Keys would be automatically deleted after a period of time (I think it is 7 days?). However, when I looked into the .security index I discovered more than 30000 API Keys (some with quite complex role descriptors) dating back 7 months.

We are using the Elasticsearch Managed Service (8.11.1) hosted on AWS.

Can anyone shed some light on why the API Keys wouldn't be automatically cleaned up?

Thanks
