github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 18:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

[DOCS] Updating API key page in Kibana docs (#165599)

Browse source 
## Summary

This PR adds the new cross-cluster API key option to the [API Keys
page](https://www.elastic.co/guide/en/kibana/current/api-keys.html) and
makes some further edits to the page.

Relates to: #162363 & #163566

---------

Co-authored-by: István Zoltán Szabó <istvan.szabo@elastic.co>
This commit is contained in:
amyjtechwriter 2023-09-08 12:05:35 +01:00 committed by GitHub
parent 7d333f77d6
commit 4ffd7562ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 27 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
docs/user/security/api-keys/images/api-keys-details.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 362 KiB

BIN
docs/user/security/api-keys/images/api-keys.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 60 KiB

After

Width:  |  Height:  |  Size: 311 KiB

Before After
Before After

BIN
docs/user/security/api-keys/images/create-ccr-api-key.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 345 KiB

61
docs/user/security/api-keys/index.asciidoc
View file

@ -3,18 +3,17 @@
=== API Keys === API Keys
API keys enable you to create secondary credentials so that you can send API keys are security mechanisms used to authenticate and authorize access to {es} resources. They ensure that only authorized users or applications interact with {es}.
requests on behalf of a user. Secondary credentials have
the same or lower access rights.
For example, if you extract data from an {es} cluster on a daily For example, if you extract data from an {es} cluster on a daily basis, you might create an API key tied to your credentials, configure it with minimum access, and then put the API credentials into a cron job. Or you might create API keys to automate ingestion of new data from remote sources, without a live user interaction.
basis, you might create an API key tied to your credentials,
configure it with minimum access,
and then put the API credentials into a cron job.
Or, you might create API keys to automate ingestion of new data from
remote sources, without a live user interaction.
To manage API keys, open the main menu, then click *Stack Management > API Keys*. You can use {kib} to manage your different API keys:
* Personal API key: allows external services to access the Elastic Stack on behalf of a user.
* Cross-Cluster API key: allows remote clusters to connect to your local cluster.
* Managed API key: created and managed by Kibana to correctly run background tasks.
To manage API keys, open the main menu, then click *Stack Management > Security > API Keys*.
[role="screenshot"] [role="screenshot"]
image:images/api-keys.png["API Keys UI"] image:images/api-keys.png["API Keys UI"]
@ -23,51 +22,45 @@ image:images/api-keys.png["API Keys UI"]
[[api-keys-security-privileges]] [[api-keys-security-privileges]]
=== Security privileges === Security privileges
You must have the `manage_security`, `manage_api_key`, or the `manage_own_api_key` * To use API keys in {kib}, you must have the `manage_security`, `manage_api_key`, or the `manage_own_api_key` cluster privileges.
cluster privileges to use API keys in {kib}. API keys can also be seen in a readonly view with access to the page and the `read_security` cluster privilege. To manage roles, open the main menu, then click * To delete API keys, you must have the `manage_api_key` or `manage_own_api_key` privileges.
*Stack Management > Roles*, or use the <<role-management-api, {kib} Role Management API>>. * To create or update a *personal API key*, you must have the `manage_api_key` or the `manage_own_api_key` privilege.
* To create or update a *cross-cluster API key*, you must have the `manage_security` privilege and an Enterprise license.
* To have a read-only view on the API keys, you must have access to the page and the `read_security` cluster privilege.
To manage roles, open the main menu, then click *Stack Management > Security > Roles*, or use the <<role-management-api, {kib} Role Management API>>.
[float] [float]
[[create-api-key]] [[create-api-key]]
=== Create an API key === Create an API key
To create an API key, open the main menu, then click *Stack Management > API Keys > Create API key*. To create an API key, open the main menu, then click *Stack Management > Security > API Keys > Create API key*.
[role="screenshot"] [role="screenshot"]
image:images/create-api-key.png["Create API Key UI"] image:images/create-ccr-api-key.png["Create API Key UI"]
Once created, you can copy the API key (Base64 encoded) and use it to send requests to {es} on your behalf. For example:
[source,bash]
curl --location --request GET 'http://localhost:5601/api/security/role' \
--header 'Content-Type: application/json;charset=UTF-8' \
--header 'kbn-xsrf: true' \
--header 'Authorization: ApiKey aVZlLUMzSUJuYndxdDJvN0k1bU46aGxlYUpNS2lTa2FKeVZua1FnY1VEdw==' \
[IMPORTANT] Refer to the {ref}/security-api-create-api-key.html[create API key] documentation to learn more about creating personal API keys.
============================================================================
API keys are intended for programmatic access to {kib} and {es}. Do not use API keys to authenticate access via a web browser. Refer to the {ref}/security-api-create-cross-cluster-api-key.html[create cross-cluster API key] documentation to learn more about creating cross-cluster API keys.
============================================================================
[float] [float]
[[udpate-api-key]] [[udpate-api-key]]
=== Update an API key === Update an API key
To update an API key, open the main menu, click *Stack Management > API Keys*, and then click on the name of the key. To update an API key, open the main menu, click *Stack Management > Security > API Keys*, and then click on the name of the key. You cannot update the name or the type of API key.
You can only update the `Restrict privileges` and `metadata` fields. Refer to the {ref}/security-api-update-api-key.html[update API key] documentation to learn more about updating personal API keys.
Refer to the {ref}/security-api-update-cross-cluster-api-key.html[update cross-cluster API key] documentation to learn more about updating cross-cluster API keys.
[float] [float]
[[view-api-keys]] [[view-api-keys]]
=== View and delete API keys === View and delete API keys
The *API Keys* feature in Kibana lists your API keys, including the name, date created, and status. If an API key expires, its status changes from `Active` to `Expired`. The *API Keys* feature in {kib} lists your API keys, including the name, date created, and status. If an API key expires, its status changes from `Active` to `Expired`.
If you have `manage_security` or `manage_api_key` permissions, If you have `manage_security` or `manage_api_key` permissions, you can view the API keys of all users, and see which API key was created by which user in which realm.
you can view the API keys of all users, and see which API key was
created by which user in which realm.
If you have only the `manage_own_api_key` permission, you see only a list of your own keys. If you have only the `manage_own_api_key` permission, you see only a list of your own keys.
You can delete API keys individually or in bulk. You can delete API keys individually or in bulk, but you need the `manage_api_keys` or `manage_own_api_key` privileges.