Get service account credentials Generally available; Added in 7.13.0

GET /_security/service/{namespace}/{service}/credential
Api key auth Basic auth Bearer auth

To use this API, you must have at least the read_security cluster privilege (or a greater privilege such as manage_service_account or manage_security).

The response includes service account tokens that were created with the create service account tokens API as well as file-backed tokens from all nodes of the cluster.

NOTE: For tokens backed by the service_tokens file, the API collects them from all nodes of the cluster. Tokens with the same name from different nodes are assumed to be the same token and are only counted once towards the total number of service tokens.

Required authorization

  • Cluster privileges: read_security
External documentation

Path parameters

  • namespace string Required

    The name of the namespace.

  • service string Required

    The service name.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • service_account string Required
    • count number Required
    • tokens object Required
      Hide tokens attribute Show tokens attribute object
      • * object
        Hide * attribute Show * attribute object
        • * object Additional properties
    • nodes_credentials object Required
      Hide nodes_credentials attributes Show nodes_credentials attributes object
      • _nodes object Required

        Contains statistics about the number of nodes selected by the request.

        Hide _nodes attributes Show _nodes attributes object
        • failures array[object]

          Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

          Hide failures attributes Show failures attributes object
          • type string Required

            The type of error

          • reason string | null

            A human-readable explanation of the error, in English.

            One of:
            string-1 string string-2 string | null
          • stack_trace string

            The server stack trace. Present only if the error_trace=true parameter was sent with the request.

          • caused_by object

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

          • root_cause array[object]

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

          • suppressed array[object]

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

            Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.

        • total number Required

          Total number of nodes selected by the request.

        • successful number Required

          Number of nodes that responded successfully to the request.

        • failed number Required

          Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.

      • file_tokens object Required

        File-backed tokens collected from all nodes

        Hide file_tokens attribute Show file_tokens attribute object
        • * object Additional properties
          Hide * attribute Show * attribute object
          • nodes array[string] Required
GET /_security/service/{namespace}/{service}/credential 
GET /_security/service/elastic/fleet-server/credential

resp = client.security.get_service_credentials(
    namespace="elastic",
    service="fleet-server",
)
const response = await client.security.getServiceCredentials({
  namespace: "elastic",
  service: "fleet-server",
});
response = client.security.get_service_credentials(
  namespace: "elastic",
  service: "fleet-server"
)
$resp = $client->security()->getServiceCredentials([
    "namespace" => "elastic",
    "service" => "fleet-server",
]);
curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" "$ELASTICSEARCH_URL/_security/service/elastic/fleet-server/credential"
Response examples (200)
A successful response from `GET /_security/service/elastic/fleet-server/credential`. The response contains all credentials for the `elastic/fleet-server` service account. 
{
  "service_account": "elastic/fleet-server",
  "count": 3,
  "tokens": {
    "token1": {},        
    "token42": {}        
  },
  "nodes_credentials": { 
    "_nodes": {          
      "total": 3,
      "successful": 3,
      "failed": 0
    },
    "file_tokens": {      
      "my-token": {
        "nodes": [ "node0", "node1" ] 
      }
    }
  }
}