mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-29 09:54:06 -04:00
100 lines
3 KiB
Text
100 lines
3 KiB
Text
[role="xpack"]
|
|
[[security-api-get-service-credentials]]
|
|
=== Get service account credentials API
|
|
++++
|
|
<titleabbrev>Get service account credentials</titleabbrev>
|
|
++++
|
|
|
|
.New API reference
|
|
[sidebar]
|
|
--
|
|
For the most up-to-date API details, refer to {api-es}/group/endpoint-security[Security APIs].
|
|
--
|
|
|
|
Retrieves all service credentials for a <<service-accounts,service account>>.
|
|
|
|
[[security-api-get-service-credentials-request]]
|
|
==== {api-request-title}
|
|
|
|
`GET /_security/service/<namespace>/<service>/credential`
|
|
|
|
[[security-api-get-service-credentials-prereqs]]
|
|
==== {api-prereq-title}
|
|
|
|
* To use this API, you must have at least the `read_security`
|
|
<<privileges-list-cluster,cluster privilege>> (or a greater privilege
|
|
such as `manage_service_account` or `manage_security`).
|
|
|
|
[[security-api-get-service-credentials-desc]]
|
|
==== {api-description-title}
|
|
|
|
Use this API to retrieve a list of credentials for a service account.
|
|
The response includes service account tokens that were created with the
|
|
<<security-api-create-service-token,create service account tokens API>>
|
|
as well as file-backed tokens from all nodes of the cluster.
|
|
|
|
NOTE: For tokens backed by the `service_tokens` file, the API collects
|
|
them from all nodes of the cluster. Tokens with the same name from
|
|
different nodes are assumed to be the same token and are only counted once
|
|
towards the total number of service tokens.
|
|
|
|
[[security-api-get-service-credentials-path-params]]
|
|
==== {api-path-parms-title}
|
|
|
|
`namespace`::
|
|
(Required, string) Name of the namespace.
|
|
|
|
`service`::
|
|
(Required, string) Name of the service name.
|
|
|
|
[[security-api-get-service-credentials-example]]
|
|
==== {api-examples-title}
|
|
The following request uses the <<security-api-create-service-token,create service account token API>> to create a service account token named `token1`
|
|
in the `elastic/fleet-server` service account:
|
|
|
|
[source,console]
|
|
----
|
|
POST /_security/service/elastic/fleet-server/credential/token/token1
|
|
----
|
|
|
|
The following request returns all credentials for the `elastic/fleet-server`
|
|
service account:
|
|
|
|
[source,console]
|
|
----
|
|
GET /_security/service/elastic/fleet-server/credential
|
|
----
|
|
// TEST[continued]
|
|
|
|
The response includes all credentials related to the specified service account:
|
|
|
|
[source,js]
|
|
----
|
|
{
|
|
"service_account": "elastic/fleet-server",
|
|
"count": 3,
|
|
"tokens": {
|
|
"token1": {}, <1>
|
|
"token42": {} <2>
|
|
},
|
|
"nodes_credentials": { <3>
|
|
"_nodes": { <4>
|
|
"total": 3,
|
|
"successful": 3,
|
|
"failed": 0
|
|
},
|
|
"file_tokens": { <5>
|
|
"my-token": {
|
|
"nodes": [ "node0", "node1" ] <6>
|
|
}
|
|
}
|
|
}
|
|
}
|
|
----
|
|
// NOTCONSOLE
|
|
<1> A new service account token backed by the `.security` index
|
|
<2> An existing service account token backed by the `.security` index
|
|
<3> This section contains service account credentials collected from all nodes of the cluster
|
|
<4> General status showing how nodes respond to the above collection request
|
|
<5> File-backed tokens collected from all nodes
|
|
<6> List of nodes that (file-backed) `my-token` is found
|