You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit elastic.co/guide.

Keep APM data secure

Make sure APM data is sent to Elastic securely and sensitive data is protected.

Required role

The Editor role or higher is required to create and manage API keys. To learn more, refer to Assign user roles and privileges.

When setting up Elastic APM, it's essential to ensure that the data collected by APM agents is sent to Elastic securely and that sensitive data is protected.

Secure communication with APM agents

Communication between APM agents and the managed intake service is both encrypted and authenticated. Requests without a valid API key will be denied.

Create a new API key

To create a new API key:

  1. In your Observability project, go to any Applications page.
  2. Click Settings.
  3. Select the APM agent keys tab.
  4. Click Create APM agent key.
  5. Name the key and assign privileges to it.
  6. Click Create APM agent key.
  7. Copy the key now. You will not be able to see it again. API keys do not expire.

Delete an API key

To delete an API key:

  1. From any of the Application pages, click Settings.
  2. Select the APM agent keys tab.
  3. Search for the API key you want to delete.
  4. Click the trash can icon to delete the selected API key.

View existing API keys

To view all API keys for your project:

  1. Expand Project settings.
  2. Select Management.
  3. Select API keys.

Data security

When setting up Elastic APM, it's essential to review all captured data carefully to ensure it doesn't contain sensitive information like passwords, credit card numbers, or health data.

Some APM agents offer a way to manipulate or drop APM events before they leave your services. Refer to the relevant agent's documentation for more information and examples:

Java

include_process_args: Remove process arguments from transactions. This option is disabled by default. Read more in the Java agent configuration docs.

.NET

Filter API: Drop APM events before they are sent to Elastic. Read more in the .NET agent Filter API docs.

Node.js

Python

Custom processors: Drop APM events before they are sent to Elastic. Read more in the Python agent Custom processors docs.

Ruby

add_filter(): Drop APM events before they are sent to Elastic. Read more in the Ruby agent API docs.

On this page