From 87c0c2c8306f37760f8887f06c6f6f299689c418 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 20 May 2026 20:34:56 +0000 Subject: [PATCH 1/3] Initial plan From be062d04062b4cb6fd68d20b1f4c280acc2326c8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 20 May 2026 20:36:56 +0000 Subject: [PATCH 2/3] docs: rename API key toggle to Control security privileges Agent-Logs-Url: https://github.com/elastic/docs-content/sessions/594d6934-9ca4-415f-a12d-42bc784beddb Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- deploy-manage/api-keys/serverless-project-api-keys.md | 2 +- serverless/pages/api-keys.asciidoc | 6 +++--- solutions/observability/apm/grant-access-using-api-keys.md | 4 ++-- ...tor-amazon-web-services-aws-with-amazon-data-firehose.md | 2 +- .../cloud/monitor-aws-network-firewall-logs.md | 2 +- solutions/observability/cloud/monitor-cloudtrail-logs.md | 2 +- solutions/observability/cloud/monitor-cloudwatch-logs.md | 2 +- .../cloud/monitor-web-application-firewall-waf-logs.md | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/deploy-manage/api-keys/serverless-project-api-keys.md b/deploy-manage/api-keys/serverless-project-api-keys.md index 8dffcada24..9cced38437 100644 --- a/deploy-manage/api-keys/serverless-project-api-keys.md +++ b/deploy-manage/api-keys/serverless-project-api-keys.md @@ -79,7 +79,7 @@ For the `role_descriptors` object schema, check out the [`/_security/api_key` en ## Update an API key [api-keys-update-an-api-key] -In **API keys**, click on the name of the key. You can update only **Restrict privileges** and **Include metadata**. +In **API keys**, click on the name of the key. You can update only **Control security privileges** and **Include metadata**. ## View and delete API keys [api-keys-view-and-delete-api-keys] diff --git a/serverless/pages/api-keys.asciidoc b/serverless/pages/api-keys.asciidoc index d3a1519db0..4efac0cdd1 100644 --- a/serverless/pages/api-keys.asciidoc +++ b/serverless/pages/api-keys.asciidoc @@ -60,9 +60,9 @@ authenticate access using a web browser. [discrete] [[api-keys-restrict-privileges]] -=== Restrict privileges +=== Control security privileges -When you create or update an API key, use **Restrict privileges** to limit the permissions. Define the permissions using a JSON `role_descriptors` object, where you specify one or more roles and the associated privileges. +When you create or update an API key, use **Control security privileges** to limit the permissions. Define the permissions using a JSON `role_descriptors` object, where you specify one or more roles and the associated privileges. For example, the following `role_descriptors` object defines a `books-read-only` role that limits the API key to `read` privileges on the `books` index. @@ -94,7 +94,7 @@ For the `role_descriptors` object schema, check out the {ref}/security-api-creat == Update an API key In **{api-keys-app}**, click on the name of the key. -You can update only **Restrict privileges** and **Include metadata**. +You can update only **Control security privileges** and **Include metadata**. // TBD: Refer to the update API key documentation to learn more about updating personal API keys. diff --git a/solutions/observability/apm/grant-access-using-api-keys.md b/solutions/observability/apm/grant-access-using-api-keys.md index 45fb8a11ee..207a99a1df 100644 --- a/solutions/observability/apm/grant-access-using-api-keys.md +++ b/solutions/observability/apm/grant-access-using-api-keys.md @@ -30,7 +30,7 @@ To create an API key: :screenshot: ::: -3. Enter a name for your API key and select **Restrict privileges**. In the role descriptors box, assign the appropriate privileges to the new API key. For example: +3. Enter a name for your API key and enable **Control security privileges**. In the role descriptors box, assign the appropriate privileges to the new API key. For example: ```json { @@ -101,7 +101,7 @@ To open the **API keys** management page, find it in the navigation menu or use :screenshot: ::: -Enter a name for your API key and select **Restrict privileges**. In the role descriptors box, assign the appropriate privileges to the new API key. For example: +Enter a name for your API key and enable **Control security privileges**. In the role descriptors box, assign the appropriate privileges to the new API key. For example: ```json { diff --git a/solutions/observability/cloud/monitor-amazon-web-services-aws-with-amazon-data-firehose.md b/solutions/observability/cloud/monitor-amazon-web-services-aws-with-amazon-data-firehose.md index e5f08b3f27..040a0fda81 100644 --- a/solutions/observability/cloud/monitor-amazon-web-services-aws-with-amazon-data-firehose.md +++ b/solutions/observability/cloud/monitor-amazon-web-services-aws-with-amazon-data-firehose.md @@ -56,7 +56,7 @@ For advanced use cases, source records can be transformed by invoking a custom L From the **Destination settings** panel, specify the following settings: * **Elastic endpoint URL**: Enter the Elastic endpoint URL of your Elasticsearch cluster. To find the Elasticsearch endpoint, go to the {{ecloud}} Console and select **Connection details**. Make sure the endpoint is in the following format: `https://.es...elastic-cloud.com`. -* **API key**: Enter the encoded Elastic API key. This can be created in Kibana by following the instructions under [API Keys](/deploy-manage/api-keys.md). If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least "auto_configure" & "write" permissions for the indices you will be using with this delivery stream. +* **API key**: Enter the encoded Elastic API key. This can be created in Kibana by following the instructions under [API Keys](/deploy-manage/api-keys.md). If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least "auto_configure" & "write" permissions for the indices you will be using with this delivery stream. * **Content encoding**: To reduce the data transfer costs, use GZIP encoding. * **Retry duration**: Determines how long Firehose continues retrying the request in the event of an error. A duration between 60 and 300 seconds should be suitable for most use cases. * **Parameters**: diff --git a/solutions/observability/cloud/monitor-aws-network-firewall-logs.md b/solutions/observability/cloud/monitor-aws-network-firewall-logs.md index 8d65cbe0ed..87f3d6eafb 100644 --- a/solutions/observability/cloud/monitor-aws-network-firewall-logs.md +++ b/solutions/observability/cloud/monitor-aws-network-firewall-logs.md @@ -76,7 +76,7 @@ Creating a Network Firewall is not trivial and is beyond the scope of this guide 1. Go to the [Elastic Cloud](https://cloud.elastic.co/) console 2. Select **Open Kibana**. - 3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream. + 3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream. 4. Set up the delivery stream by specifying the following data: diff --git a/solutions/observability/cloud/monitor-cloudtrail-logs.md b/solutions/observability/cloud/monitor-cloudtrail-logs.md index 22c4944817..c977e6b41c 100644 --- a/solutions/observability/cloud/monitor-cloudtrail-logs.md +++ b/solutions/observability/cloud/monitor-cloudtrail-logs.md @@ -102,7 +102,7 @@ You now have a CloudWatch log group with events coming from CloudTrail. For more 1. Go to the [Elastic Cloud](https://cloud.elastic.co/) console 2. Select **Open Kibana**. - 3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream. + 3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream. 2. Set up the delivery stream by specifying the following data: diff --git a/solutions/observability/cloud/monitor-cloudwatch-logs.md b/solutions/observability/cloud/monitor-cloudwatch-logs.md index 41366aa2cf..b2d8c46875 100644 --- a/solutions/observability/cloud/monitor-cloudwatch-logs.md +++ b/solutions/observability/cloud/monitor-cloudwatch-logs.md @@ -125,7 +125,7 @@ Take note of the log group name for this Lambda function, as you will need it in 1. Go to the [Elastic Cloud](https://cloud.elastic.co/) console 2. Select **Open Kibana**. - 3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**.If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream. + 3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream. * **Content encoding**: To reduce the data transfer costs, use GZIP encoding. * **Retry duration**: Determines how long Firehose continues retrying the request in the event of an error. A duration between 60 and 300 seconds should be suitable for most use cases. diff --git a/solutions/observability/cloud/monitor-web-application-firewall-waf-logs.md b/solutions/observability/cloud/monitor-web-application-firewall-waf-logs.md index 05f17ceea3..cfca850834 100644 --- a/solutions/observability/cloud/monitor-web-application-firewall-waf-logs.md +++ b/solutions/observability/cloud/monitor-web-application-firewall-waf-logs.md @@ -71,7 +71,7 @@ For advanced use cases, source records can be transformed by invoking a custom L 1. Go to the [Elastic Cloud](https://cloud.elastic.co/) console 2. Select **Open Kibana**. - 3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream. + 3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream. * **Content encoding**: For a better network efficiency, leave content encoding set to GZIP. * **Retry duration**: Determines how long Firehose continues retrying the request in the event of an error. A duration of 60-300s should be suitable for most use cases. From 23aaed28fb1381f7be8ec9d293c10e5ba5c4d563 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Wed, 20 May 2026 21:50:03 -0400 Subject: [PATCH 3/3] reverts changes to asciidoc file --- serverless/pages/api-keys.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/serverless/pages/api-keys.asciidoc b/serverless/pages/api-keys.asciidoc index 4efac0cdd1..d3a1519db0 100644 --- a/serverless/pages/api-keys.asciidoc +++ b/serverless/pages/api-keys.asciidoc @@ -60,9 +60,9 @@ authenticate access using a web browser. [discrete] [[api-keys-restrict-privileges]] -=== Control security privileges +=== Restrict privileges -When you create or update an API key, use **Control security privileges** to limit the permissions. Define the permissions using a JSON `role_descriptors` object, where you specify one or more roles and the associated privileges. +When you create or update an API key, use **Restrict privileges** to limit the permissions. Define the permissions using a JSON `role_descriptors` object, where you specify one or more roles and the associated privileges. For example, the following `role_descriptors` object defines a `books-read-only` role that limits the API key to `read` privileges on the `books` index. @@ -94,7 +94,7 @@ For the `role_descriptors` object schema, check out the {ref}/security-api-creat == Update an API key In **{api-keys-app}**, click on the name of the key. -You can update only **Control security privileges** and **Include metadata**. +You can update only **Restrict privileges** and **Include metadata**. // TBD: Refer to the update API key documentation to learn more about updating personal API keys.