[DOCS] Overview page for API keys #89115
Comments
Pinging @elastic/es-docs (Team:Docs)
Pinging @elastic/es-security (Team:Security)
I've labeled this @lockewritesdocs just wanted to confirm: putting together an ES-specific API keys overview page still makes sense, correct? I'm raising this now, since I will soon work on documentation for the new bulk update route; putting together an overview page first potentially lets us avoid duplicating yet more concepts in the new API docs.
@n1v0lg, I absolutely think that an overview of API keys makes sense, and is necessary. I'm putting together an outline for an updated security guide, and authenticating with API keys is part of a section that I'm currently calling Machine authentication. The main content that's missing for a discussion of API keys is:
I think that the answer of when to use them is for when you're authenticating between machines, but we need to put more context around that usage.
Related: #70702
This has become more important with the release of API key based remote cluster security in 8.10. We now have three types of API key (ES, cross cluster, and ESS). This can be confusing, so some guidance on when to use which type of key, and how to create it, would be useful. This doc would also be a good place to discuss how privileges work for the different keys.
Description
We currently only have documentation around concrete APIs for API keys, and no general overview page.
API keys are nuanced, both in terms of when they should be used, as well as how their access scope is determined and configured.
We should introduce an overview page addressing (at a minimum):
role_descriptors vs. limited_by_role_descriptors)?
This would furthermore allow us to move conceptual (and currently duplicated) information from concrete API docs (e.g. the role_descriptors explanation in the create API key API docs) into the overview page and converge on a single source of truth for these concepts (within ES docs, at least).
Relates: #88499 (comment)