Ability to clone granted API keys #59304
Labels
>enhancement
:Security/Authentication
Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
Team:Security
Meta label for security team
Comments
mikecote
added
>enhancement
:Security/Authentication
|
Pinging @elastic/es-security (:Security/Authentication) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The grant API key API works for scenarios that have a user’s password or access token. This is ideal for Kibana alerting which grants API keys on behalf of other users.
However once an API key is granted, it can’t be cloned or used to grant another API key because the API doesn’t support a
grant_typeof API key.Would it be possible to allow the cloning or granting of API keys from an API key that has already been granted?
The Kibana alerting team is experiencing issues with managing these keys when it comes to invalidating them after granting a new API key. The invalidation process in Kibana doesn’t consider if a one-off task is currently running and depends on the key. A feature like this would allow us to create a new key for each one-off task that is running and invalidate it immediately after the task is completed.
The text was updated successfully, but these errors were encountered: