Docs Home
elasticstack 0.11.15 published on Wednesday, Apr 23, 2025 by elastic
elasticstack.ElasticsearchSecurityApiKey
Explore with Pulumi AI
elasticstack 0.11.15 published on Wednesday, Apr 23, 2025 by elastic
Creates an API key for access without requiring basic authentication. See, https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as elasticstack from "@pulumi/elasticstack";
const apiKeyElasticsearchSecurityApiKey = new elasticstack.ElasticsearchSecurityApiKey("apiKeyElasticsearchSecurityApiKey", {
roleDescriptors: JSON.stringify({
"role-a": {
cluster: ["all"],
indices: [{
names: ["index-a*"],
privileges: ["read"],
}],
},
}),
expiration: "1d",
metadata: JSON.stringify({
env: "testing",
open: false,
number: 49,
}),
});
// restriction on a role descriptor for an API key is supported since Elastic 8.9
const apiKeyWithRestriction = new elasticstack.ElasticsearchSecurityApiKey("apiKeyWithRestriction", {
roleDescriptors: JSON.stringify({
"role-a": {
cluster: ["all"],
indices: [{
names: ["index-a*"],
privileges: ["read"],
}],
restriction: {
workflows: ["search_application_query"],
},
},
}),
expiration: "1d",
metadata: JSON.stringify({
env: "testing",
open: false,
number: 49,
}),
});
export const apiKey = apiKeyElasticsearchSecurityApiKey;
import pulumi
import json
import pulumi_elasticstack as elasticstack
api_key_elasticsearch_security_api_key = elasticstack.ElasticsearchSecurityApiKey("apiKeyElasticsearchSecurityApiKey",
role_descriptors=json.dumps({
"role-a": {
"cluster": ["all"],
"indices": [{
"names": ["index-a*"],
"privileges": ["read"],
}],
},
}),
expiration="1d",
metadata=json.dumps({
"env": "testing",
"open": False,
"number": 49,
}))
# restriction on a role descriptor for an API key is supported since Elastic 8.9
api_key_with_restriction = elasticstack.ElasticsearchSecurityApiKey("apiKeyWithRestriction",
role_descriptors=json.dumps({
"role-a": {
"cluster": ["all"],
"indices": [{
"names": ["index-a*"],
"privileges": ["read"],
}],
"restriction": {
"workflows": ["search_application_query"],
},
},
}),
expiration="1d",
metadata=json.dumps({
"env": "testing",
"open": False,
"number": 49,
}))
pulumi.export("apiKey", api_key_elasticsearch_security_api_key)
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/elasticstack/elasticstack"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"role-a": map[string]interface{}{
"cluster": []string{
"all",
},
"indices": []map[string]interface{}{
map[string]interface{}{
"names": []string{
"index-a*",
},
"privileges": []string{
"read",
},
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
tmpJSON1, err := json.Marshal(map[string]interface{}{
"env": "testing",
"open": false,
"number": 49,
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
apiKeyElasticsearchSecurityApiKey, err := elasticstack.NewElasticsearchSecurityApiKey(ctx, "apiKeyElasticsearchSecurityApiKey", &elasticstack.ElasticsearchSecurityApiKeyArgs{
RoleDescriptors: pulumi.String(json0),
Expiration: pulumi.String("1d"),
Metadata: pulumi.String(json1),
})
if err != nil {
return err
}
tmpJSON2, err := json.Marshal(map[string]interface{}{
"role-a": map[string]interface{}{
"cluster": []string{
"all",
},
"indices": []map[string]interface{}{
map[string]interface{}{
"names": []string{
"index-a*",
},
"privileges": []string{
"read",
},
},
},
"restriction": map[string]interface{}{
"workflows": []string{
"search_application_query",
},
},
},
})
if err != nil {
return err
}
json2 := string(tmpJSON2)
tmpJSON3, err := json.Marshal(map[string]interface{}{
"env": "testing",
"open": false,
"number": 49,
})
if err != nil {
return err
}
json3 := string(tmpJSON3)
// restriction on a role descriptor for an API key is supported since Elastic 8.9
_, err = elasticstack.NewElasticsearchSecurityApiKey(ctx, "apiKeyWithRestriction", &elasticstack.ElasticsearchSecurityApiKeyArgs{
RoleDescriptors: pulumi.String(json2),
Expiration: pulumi.String("1d"),
Metadata: pulumi.String(json3),
})
if err != nil {
return err
}
ctx.Export("apiKey", apiKeyElasticsearchSecurityApiKey)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Elasticstack = Pulumi.Elasticstack;
return await Deployment.RunAsync(() =>
{
var apiKeyElasticsearchSecurityApiKey = new Elasticstack.ElasticsearchSecurityApiKey("apiKeyElasticsearchSecurityApiKey", new()
{
RoleDescriptors = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["role-a"] = new Dictionary<string, object?>
{
["cluster"] = new[]
{
"all",
},
["indices"] = new[]
{
new Dictionary<string, object?>
{
["names"] = new[]
{
"index-a*",
},
["privileges"] = new[]
{
"read",
},
},
},
},
}),
Expiration = "1d",
Metadata = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["env"] = "testing",
["open"] = false,
["number"] = 49,
}),
});
// restriction on a role descriptor for an API key is supported since Elastic 8.9
var apiKeyWithRestriction = new Elasticstack.ElasticsearchSecurityApiKey("apiKeyWithRestriction", new()
{
RoleDescriptors = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["role-a"] = new Dictionary<string, object?>
{
["cluster"] = new[]
{
"all",
},
["indices"] = new[]
{
new Dictionary<string, object?>
{
["names"] = new[]
{
"index-a*",
},
["privileges"] = new[]
{
"read",
},
},
},
["restriction"] = new Dictionary<string, object?>
{
["workflows"] = new[]
{
"search_application_query",
},
},
},
}),
Expiration = "1d",
Metadata = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["env"] = "testing",
["open"] = false,
["number"] = 49,
}),
});
return new Dictionary<string, object?>
{
["apiKey"] = apiKeyElasticsearchSecurityApiKey,
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.elasticstack.ElasticsearchSecurityApiKey;
import com.pulumi.elasticstack.ElasticsearchSecurityApiKeyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var apiKeyElasticsearchSecurityApiKey = new ElasticsearchSecurityApiKey("apiKeyElasticsearchSecurityApiKey", ElasticsearchSecurityApiKeyArgs.builder()
.roleDescriptors(serializeJson(
jsonObject(
jsonProperty("role-a", jsonObject(
jsonProperty("cluster", jsonArray("all")),
jsonProperty("indices", jsonArray(jsonObject(
jsonProperty("names", jsonArray("index-a*")),
jsonProperty("privileges", jsonArray("read"))
)))
))
)))
.expiration("1d")
.metadata(serializeJson(
jsonObject(
jsonProperty("env", "testing"),
jsonProperty("open", false),
jsonProperty("number", 49)
)))
.build());
// restriction on a role descriptor for an API key is supported since Elastic 8.9
var apiKeyWithRestriction = new ElasticsearchSecurityApiKey("apiKeyWithRestriction", ElasticsearchSecurityApiKeyArgs.builder()
.roleDescriptors(serializeJson(
jsonObject(
jsonProperty("role-a", jsonObject(
jsonProperty("cluster", jsonArray("all")),
jsonProperty("indices", jsonArray(jsonObject(
jsonProperty("names", jsonArray("index-a*")),
jsonProperty("privileges", jsonArray("read"))
))),
jsonProperty("restriction", jsonObject(
jsonProperty("workflows", jsonArray("search_application_query"))
))
))
)))
.expiration("1d")
.metadata(serializeJson(
jsonObject(
jsonProperty("env", "testing"),
jsonProperty("open", false),
jsonProperty("number", 49)
)))
.build());
ctx.export("apiKey", apiKeyElasticsearchSecurityApiKey);
}
}
resources:
apiKeyElasticsearchSecurityApiKey:
type: elasticstack:ElasticsearchSecurityApiKey
properties:
# Set the role descriptors
roleDescriptors:
fn::toJSON:
role-a:
cluster:
- all
indices:
- names:
- index-a*
privileges:
- read
# Set the expiration for the API key
expiration: 1d
# Set the custom metadata for this user
metadata:
fn::toJSON:
env: testing
open: false
number: 49
# restriction on a role descriptor for an API key is supported since Elastic 8.9
apiKeyWithRestriction:
type: elasticstack:ElasticsearchSecurityApiKey
properties:
# Set the role descriptors
roleDescriptors:
fn::toJSON:
role-a:
cluster:
- all
indices:
- names:
- index-a*
privileges:
- read
restriction:
workflows:
- search_application_query
# Set the expiration for the API key
expiration: 1d
# Set the custom metadata for this user
metadata:
fn::toJSON:
env: testing
open: false
number: 49
outputs:
apiKey: ${apiKeyElasticsearchSecurityApiKey}
Create ElasticsearchSecurityApiKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ElasticsearchSecurityApiKey(name: string, args?: ElasticsearchSecurityApiKeyArgs, opts?: CustomResourceOptions);@overload
def ElasticsearchSecurityApiKey(resource_name: str,
args: Optional[ElasticsearchSecurityApiKeyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ElasticsearchSecurityApiKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
elasticsearch_connections: Optional[Sequence[ElasticsearchSecurityApiKeyElasticsearchConnectionArgs]] = None,
expiration: Optional[str] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
role_descriptors: Optional[str] = None)func NewElasticsearchSecurityApiKey(ctx *Context, name string, args *ElasticsearchSecurityApiKeyArgs, opts ...ResourceOption) (*ElasticsearchSecurityApiKey, error)public ElasticsearchSecurityApiKey(string name, ElasticsearchSecurityApiKeyArgs? args = null, CustomResourceOptions? opts = null)
public ElasticsearchSecurityApiKey(String name, ElasticsearchSecurityApiKeyArgs args)
public ElasticsearchSecurityApiKey(String name, ElasticsearchSecurityApiKeyArgs args, CustomResourceOptions options)
type: elasticstack:ElasticsearchSecurityApiKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var elasticsearchSecurityApiKeyResource = new Elasticstack.ElasticsearchSecurityApiKey("elasticsearchSecurityApiKeyResource", new()
{
Expiration = "string",
Metadata = "string",
Name = "string",
RoleDescriptors = "string",
});
example, err := elasticstack.NewElasticsearchSecurityApiKey(ctx, "elasticsearchSecurityApiKeyResource", &elasticstack.ElasticsearchSecurityApiKeyArgs{
Expiration: pulumi.String("string"),
Metadata: pulumi.String("string"),
Name: pulumi.String("string"),
RoleDescriptors: pulumi.String("string"),
})
var elasticsearchSecurityApiKeyResource = new ElasticsearchSecurityApiKey("elasticsearchSecurityApiKeyResource", ElasticsearchSecurityApiKeyArgs.builder()
.expiration("string")
.metadata("string")
.name("string")
.roleDescriptors("string")
.build());
elasticsearch_security_api_key_resource = elasticstack.ElasticsearchSecurityApiKey("elasticsearchSecurityApiKeyResource",
expiration="string",
metadata="string",
name="string",
role_descriptors="string")
const elasticsearchSecurityApiKeyResource = new elasticstack.ElasticsearchSecurityApiKey("elasticsearchSecurityApiKeyResource", {
expiration: "string",
metadata: "string",
name: "string",
roleDescriptors: "string",
});
type: elasticstack:ElasticsearchSecurityApiKey
properties:
expiration: string
metadata: string
name: string
roleDescriptors: string
ElasticsearchSecurityApiKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ElasticsearchSecurityApiKey resource accepts the following input properties:
- Elasticsearch
Connections List<ElasticsearchSecurity Api Key Elasticsearch Connection> - Elasticsearch connection configuration block.
- Expiration string
- Expiration time for the API key. By default, API keys never expire.
- Metadata string
- Arbitrary metadata that you want to associate with the API key.
- Name string
- Specifies the name for this API key.
- Role
Descriptors string - Role descriptors for this API key.
- Elasticsearch
Connections []ElasticsearchSecurity Api Key Elasticsearch Connection Args - Elasticsearch connection configuration block.
- Expiration string
- Expiration time for the API key. By default, API keys never expire.
- Metadata string
- Arbitrary metadata that you want to associate with the API key.
- Name string
- Specifies the name for this API key.
- Role
Descriptors string - Role descriptors for this API key.
- elasticsearch
Connections List<ElasticsearchSecurity Api Key Elasticsearch Connection> - Elasticsearch connection configuration block.
- expiration String
- Expiration time for the API key. By default, API keys never expire.
- metadata String
- Arbitrary metadata that you want to associate with the API key.
- name String
- Specifies the name for this API key.
- role
Descriptors String - Role descriptors for this API key.
- elasticsearch
Connections ElasticsearchSecurity Api Key Elasticsearch Connection[] - Elasticsearch connection configuration block.
- expiration string
- Expiration time for the API key. By default, API keys never expire.
- metadata string
- Arbitrary metadata that you want to associate with the API key.
- name string
- Specifies the name for this API key.
- role
Descriptors string - Role descriptors for this API key.
- elasticsearch_
connections Sequence[ElasticsearchSecurity Api Key Elasticsearch Connection Args] - Elasticsearch connection configuration block.
- expiration str
- Expiration time for the API key. By default, API keys never expire.
- metadata str
- Arbitrary metadata that you want to associate with the API key.
- name str
- Specifies the name for this API key.
- role_
descriptors str - Role descriptors for this API key.
- elasticsearch
Connections List<Property Map> - Elasticsearch connection configuration block.
- expiration String
- Expiration time for the API key. By default, API keys never expire.
- metadata String
- Arbitrary metadata that you want to associate with the API key.
- name String
- Specifies the name for this API key.
- role
Descriptors String - Role descriptors for this API key.
Outputs
All input properties are implicitly available as output properties. Additionally, the ElasticsearchSecurityApiKey resource produces the following output properties:
- Api
Key string - Generated API Key.
- Encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- Expiration
Timestamp double - Expiration time in milliseconds for the API key. By default, API keys never expire.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - Unique id for this API key.
- Api
Key string - Generated API Key.
- Encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- Expiration
Timestamp float64 - Expiration time in milliseconds for the API key. By default, API keys never expire.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - Unique id for this API key.
- api
Key String - Generated API Key.
- encoded String
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration
Timestamp Double - Expiration time in milliseconds for the API key. By default, API keys never expire.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - Unique id for this API key.
- api
Key string - Generated API Key.
- encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration
Timestamp number - Expiration time in milliseconds for the API key. By default, API keys never expire.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Id string - Unique id for this API key.
- api_
key str - Generated API Key.
- encoded str
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration_
timestamp float - Expiration time in milliseconds for the API key. By default, API keys never expire.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
id str - Unique id for this API key.
- api
Key String - Generated API Key.
- encoded String
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration
Timestamp Number - Expiration time in milliseconds for the API key. By default, API keys never expire.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - Unique id for this API key.
Look up Existing ElasticsearchSecurityApiKey Resource
Get an existing ElasticsearchSecurityApiKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ElasticsearchSecurityApiKeyState, opts?: CustomResourceOptions): ElasticsearchSecurityApiKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
api_key: Optional[str] = None,
elasticsearch_connections: Optional[Sequence[ElasticsearchSecurityApiKeyElasticsearchConnectionArgs]] = None,
encoded: Optional[str] = None,
expiration: Optional[str] = None,
expiration_timestamp: Optional[float] = None,
key_id: Optional[str] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
role_descriptors: Optional[str] = None) -> ElasticsearchSecurityApiKeyfunc GetElasticsearchSecurityApiKey(ctx *Context, name string, id IDInput, state *ElasticsearchSecurityApiKeyState, opts ...ResourceOption) (*ElasticsearchSecurityApiKey, error)public static ElasticsearchSecurityApiKey Get(string name, Input<string> id, ElasticsearchSecurityApiKeyState? state, CustomResourceOptions? opts = null)public static ElasticsearchSecurityApiKey get(String name, Output<String> id, ElasticsearchSecurityApiKeyState state, CustomResourceOptions options)resources: _: type: elasticstack:ElasticsearchSecurityApiKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Api
Key string - Generated API Key.
- Elasticsearch
Connections List<ElasticsearchSecurity Api Key Elasticsearch Connection> - Elasticsearch connection configuration block.
- Encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- Expiration string
- Expiration time for the API key. By default, API keys never expire.
- Expiration
Timestamp double - Expiration time in milliseconds for the API key. By default, API keys never expire.
- Key
Id string - Unique id for this API key.
- Metadata string
- Arbitrary metadata that you want to associate with the API key.
- Name string
- Specifies the name for this API key.
- Role
Descriptors string - Role descriptors for this API key.
- Api
Key string - Generated API Key.
- Elasticsearch
Connections []ElasticsearchSecurity Api Key Elasticsearch Connection Args - Elasticsearch connection configuration block.
- Encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- Expiration string
- Expiration time for the API key. By default, API keys never expire.
- Expiration
Timestamp float64 - Expiration time in milliseconds for the API key. By default, API keys never expire.
- Key
Id string - Unique id for this API key.
- Metadata string
- Arbitrary metadata that you want to associate with the API key.
- Name string
- Specifies the name for this API key.
- Role
Descriptors string - Role descriptors for this API key.
- api
Key String - Generated API Key.
- elasticsearch
Connections List<ElasticsearchSecurity Api Key Elasticsearch Connection> - Elasticsearch connection configuration block.
- encoded String
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration String
- Expiration time for the API key. By default, API keys never expire.
- expiration
Timestamp Double - Expiration time in milliseconds for the API key. By default, API keys never expire.
- key
Id String - Unique id for this API key.
- metadata String
- Arbitrary metadata that you want to associate with the API key.
- name String
- Specifies the name for this API key.
- role
Descriptors String - Role descriptors for this API key.
- api
Key string - Generated API Key.
- elasticsearch
Connections ElasticsearchSecurity Api Key Elasticsearch Connection[] - Elasticsearch connection configuration block.
- encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration string
- Expiration time for the API key. By default, API keys never expire.
- expiration
Timestamp number - Expiration time in milliseconds for the API key. By default, API keys never expire.
- key
Id string - Unique id for this API key.
- metadata string
- Arbitrary metadata that you want to associate with the API key.
- name string
- Specifies the name for this API key.
- role
Descriptors string - Role descriptors for this API key.
- api_
key str - Generated API Key.
- elasticsearch_
connections Sequence[ElasticsearchSecurity Api Key Elasticsearch Connection Args] - Elasticsearch connection configuration block.
- encoded str
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration str
- Expiration time for the API key. By default, API keys never expire.
- expiration_
timestamp float - Expiration time in milliseconds for the API key. By default, API keys never expire.
- key_
id str - Unique id for this API key.
- metadata str
- Arbitrary metadata that you want to associate with the API key.
- name str
- Specifies the name for this API key.
- role_
descriptors str - Role descriptors for this API key.
- api
Key String - Generated API Key.
- elasticsearch
Connections List<Property Map> - Elasticsearch connection configuration block.
- encoded String
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration String
- Expiration time for the API key. By default, API keys never expire.
- expiration
Timestamp Number - Expiration time in milliseconds for the API key. By default, API keys never expire.
- key
Id String - Unique id for this API key.
- metadata String
- Arbitrary metadata that you want to associate with the API key.
- name String
- Specifies the name for this API key.
- role
Descriptors String - Role descriptors for this API key.
Supporting Types
ElasticsearchSecurityApiKeyElasticsearchConnection, ElasticsearchSecurityApiKeyElasticsearchConnectionArgs
- Api
Key string - API Key to use for authentication to Elasticsearch
- Bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- Ca
Data string - PEM-encoded custom Certificate Authority certificate
- Ca
File string - Path to a custom Certificate Authority certificate
- Cert
Data string - PEM encoded certificate for client auth
- Cert
File string - Path to a file containing the PEM encoded certificate for client auth
- Endpoints List<string>
- Es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- Insecure bool
- Disable TLS certificate validation
- Key
Data string - PEM encoded private key for client auth
- Key
File string - Path to a file containing the PEM encoded private key for client auth
- Password string
- Password to use for API authentication to Elasticsearch.
- Username string
- Username to use for API authentication to Elasticsearch.
- Api
Key string - API Key to use for authentication to Elasticsearch
- Bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- Ca
Data string - PEM-encoded custom Certificate Authority certificate
- Ca
File string - Path to a custom Certificate Authority certificate
- Cert
Data string - PEM encoded certificate for client auth
- Cert
File string - Path to a file containing the PEM encoded certificate for client auth
- Endpoints []string
- Es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- Insecure bool
- Disable TLS certificate validation
- Key
Data string - PEM encoded private key for client auth
- Key
File string - Path to a file containing the PEM encoded private key for client auth
- Password string
- Password to use for API authentication to Elasticsearch.
- Username string
- Username to use for API authentication to Elasticsearch.
- api
Key String - API Key to use for authentication to Elasticsearch
- bearer
Token String - Bearer Token to use for authentication to Elasticsearch
- ca
Data String - PEM-encoded custom Certificate Authority certificate
- ca
File String - Path to a custom Certificate Authority certificate
- cert
Data String - PEM encoded certificate for client auth
- cert
File String - Path to a file containing the PEM encoded certificate for client auth
- endpoints List<String>
- es
Client StringAuthentication - ES Client Authentication field to be used with the JWT token
- insecure Boolean
- Disable TLS certificate validation
- key
Data String - PEM encoded private key for client auth
- key
File String - Path to a file containing the PEM encoded private key for client auth
- password String
- Password to use for API authentication to Elasticsearch.
- username String
- Username to use for API authentication to Elasticsearch.
- api
Key string - API Key to use for authentication to Elasticsearch
- bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- ca
Data string - PEM-encoded custom Certificate Authority certificate
- ca
File string - Path to a custom Certificate Authority certificate
- cert
Data string - PEM encoded certificate for client auth
- cert
File string - Path to a file containing the PEM encoded certificate for client auth
- endpoints string[]
- es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- insecure boolean
- Disable TLS certificate validation
- key
Data string - PEM encoded private key for client auth
- key
File string - Path to a file containing the PEM encoded private key for client auth
- password string
- Password to use for API authentication to Elasticsearch.
- username string
- Username to use for API authentication to Elasticsearch.
- api_
key str - API Key to use for authentication to Elasticsearch
- bearer_
token str - Bearer Token to use for authentication to Elasticsearch
- ca_
data str - PEM-encoded custom Certificate Authority certificate
- ca_
file str - Path to a custom Certificate Authority certificate
- cert_
data str - PEM encoded certificate for client auth
- cert_
file str - Path to a file containing the PEM encoded certificate for client auth
- endpoints Sequence[str]
- es_
client_ strauthentication - ES Client Authentication field to be used with the JWT token
- insecure bool
- Disable TLS certificate validation
- key_
data str - PEM encoded private key for client auth
- key_
file str - Path to a file containing the PEM encoded private key for client auth
- password str
- Password to use for API authentication to Elasticsearch.
- username str
- Username to use for API authentication to Elasticsearch.
- api
Key String - API Key to use for authentication to Elasticsearch
- bearer
Token String - Bearer Token to use for authentication to Elasticsearch
- ca
Data String - PEM-encoded custom Certificate Authority certificate
- ca
File String - Path to a custom Certificate Authority certificate
- cert
Data String - PEM encoded certificate for client auth
- cert
File String - Path to a file containing the PEM encoded certificate for client auth
- endpoints List<String>
- es
Client StringAuthentication - ES Client Authentication field to be used with the JWT token
- insecure Boolean
- Disable TLS certificate validation
- key
Data String - PEM encoded private key for client auth
- key
File String - Path to a file containing the PEM encoded private key for client auth
- password String
- Password to use for API authentication to Elasticsearch.
- username String
- Username to use for API authentication to Elasticsearch.
Import
Import is not supported due to the generated API key only being visible on create.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- elasticstack elastic/terraform-provider-elasticstack
- License
- Notes
- This Pulumi package is based on the
elasticstackTerraform Provider.
elasticstack 0.11.15 published on Wednesday, Apr 23, 2025 by elastic