Hi
Our use case requires us to utilise short(ish) lived API Keys. After reading the documentation I was under the impression that expired / invalidated API Keys would be automatically deleted after a period of time (I think it is 7 days?). However when I looked into the .security index I discovered more the 30000 API Keys (some with quite complex role descriptors) dating back 7 months.
We are using the Elasticsearch Managed Service (8.11.1) hosted on AWS.
Can anyone shed some light on why the API Keys wouldn't be automatically cleaned up?
Thanks