elasticstack 0.12.1 published on Thursday, Oct 23, 2025 by elastic
elasticstack.ElasticsearchSecurityApiKey
Start a Neo task
Explain and create an elasticstack.ElasticsearchSecurityApiKey resource
elasticstack 0.12.1 published on Thursday, Oct 23, 2025 by elastic
Creates an API key for access without requiring basic authentication. Supports both regular API keys and cross-cluster API keys. See the security API create API key documentation and create cross-cluster API key documentation for more details.
Example Usage
Example coming soon!
Example coming soon!
Example coming soon!
Example coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.elasticstack.ElasticsearchSecurityApiKey;
import com.pulumi.elasticstack.ElasticsearchSecurityApiKeyArgs;
import com.pulumi.elasticstack.inputs.ElasticsearchSecurityApiKeyAccessArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var apiKeyElasticsearchSecurityApiKey = new ElasticsearchSecurityApiKey("apiKeyElasticsearchSecurityApiKey", ElasticsearchSecurityApiKeyArgs.builder()
.roleDescriptors(serializeJson(
jsonObject(
jsonProperty("role-a", jsonObject(
jsonProperty("cluster", jsonArray("all")),
jsonProperty("indices", jsonArray(jsonObject(
jsonProperty("names", jsonArray("index-a*")),
jsonProperty("privileges", jsonArray("read"))
)))
))
)))
.expiration("1d")
.metadata(serializeJson(
jsonObject(
jsonProperty("env", "testing"),
jsonProperty("open", false),
jsonProperty("number", 49)
)))
.build());
// restriction on a role descriptor for an API key is supported since Elastic 8.9
var apiKeyWithRestriction = new ElasticsearchSecurityApiKey("apiKeyWithRestriction", ElasticsearchSecurityApiKeyArgs.builder()
.roleDescriptors(serializeJson(
jsonObject(
jsonProperty("role-a", jsonObject(
jsonProperty("cluster", jsonArray("all")),
jsonProperty("indices", jsonArray(jsonObject(
jsonProperty("names", jsonArray("index-a*")),
jsonProperty("privileges", jsonArray("read"))
))),
jsonProperty("restriction", jsonObject(
jsonProperty("workflows", jsonArray("search_application_query"))
))
))
)))
.expiration("1d")
.metadata(serializeJson(
jsonObject(
jsonProperty("env", "testing"),
jsonProperty("open", false),
jsonProperty("number", 49)
)))
.build());
ctx.export("apiKey", apiKeyElasticsearchSecurityApiKey);
// Example: Cross-cluster API key
var crossClusterKey = new ElasticsearchSecurityApiKey("crossClusterKey", ElasticsearchSecurityApiKeyArgs.builder()
.type("cross_cluster")
.access(ElasticsearchSecurityApiKeyAccessArgs.builder()
.replication(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.build())
.expiration("30d")
.metadata(serializeJson(
jsonObject(
jsonProperty("description", "Cross-cluster key for production environment"),
jsonProperty("environment", "production"),
jsonProperty("team", "platform")
)))
.build());
ctx.export("crossClusterApiKey", crossClusterKey);
}
}
resources:
apiKeyElasticsearchSecurityApiKey:
type: elasticstack:ElasticsearchSecurityApiKey
properties:
# Set the role descriptors
roleDescriptors:
fn::toJSON:
role-a:
cluster:
- all
indices:
- names:
- index-a*
privileges:
- read
# Set the expiration for the API key
expiration: 1d
# Set the custom metadata for this user
metadata:
fn::toJSON:
env: testing
open: false
number: 49
# restriction on a role descriptor for an API key is supported since Elastic 8.9
apiKeyWithRestriction:
type: elasticstack:ElasticsearchSecurityApiKey
properties:
# Set the role descriptors
roleDescriptors:
fn::toJSON:
role-a:
cluster:
- all
indices:
- names:
- index-a*
privileges:
- read
restriction:
workflows:
- search_application_query
# Set the expiration for the API key
expiration: 1d
# Set the custom metadata for this user
metadata:
fn::toJSON:
env: testing
open: false
number: 49
# Example: Cross-cluster API key
crossClusterKey:
type: elasticstack:ElasticsearchSecurityApiKey
properties:
type: cross_cluster
# Define access permissions for cross-cluster operations
access:
replication:
- names:
- archive-*
# Set the expiration for the API key
expiration: 30d
# Set arbitrary metadata
metadata:
fn::toJSON:
description: Cross-cluster key for production environment
environment: production
team: platform
outputs:
apiKey: ${apiKeyElasticsearchSecurityApiKey}
crossClusterApiKey: ${crossClusterKey}
Create ElasticsearchSecurityApiKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ElasticsearchSecurityApiKey(name: string, args?: ElasticsearchSecurityApiKeyArgs, opts?: CustomResourceOptions);@overload
def ElasticsearchSecurityApiKey(resource_name: str,
args: Optional[ElasticsearchSecurityApiKeyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ElasticsearchSecurityApiKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
access: Optional[ElasticsearchSecurityApiKeyAccessArgs] = None,
elasticsearch_connections: Optional[Sequence[ElasticsearchSecurityApiKeyElasticsearchConnectionArgs]] = None,
expiration: Optional[str] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
role_descriptors: Optional[str] = None,
type: Optional[str] = None)func NewElasticsearchSecurityApiKey(ctx *Context, name string, args *ElasticsearchSecurityApiKeyArgs, opts ...ResourceOption) (*ElasticsearchSecurityApiKey, error)public ElasticsearchSecurityApiKey(string name, ElasticsearchSecurityApiKeyArgs? args = null, CustomResourceOptions? opts = null)
public ElasticsearchSecurityApiKey(String name, ElasticsearchSecurityApiKeyArgs args)
public ElasticsearchSecurityApiKey(String name, ElasticsearchSecurityApiKeyArgs args, CustomResourceOptions options)
type: elasticstack:ElasticsearchSecurityApiKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ElasticsearchSecurityApiKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var elasticsearchSecurityApiKeyResource = new Elasticstack.ElasticsearchSecurityApiKey("elasticsearchSecurityApiKeyResource", new()
{
Access = new Elasticstack.Inputs.ElasticsearchSecurityApiKeyAccessArgs
{
Replications = new[]
{
new Elasticstack.Inputs.ElasticsearchSecurityApiKeyAccessReplicationArgs
{
Names = new[]
{
"string",
},
},
},
Searches = new[]
{
new Elasticstack.Inputs.ElasticsearchSecurityApiKeyAccessSearchArgs
{
Names = new[]
{
"string",
},
AllowRestrictedIndices = false,
FieldSecurity = "string",
Query = "string",
},
},
},
Expiration = "string",
Metadata = "string",
Name = "string",
RoleDescriptors = "string",
Type = "string",
});
example, err := elasticstack.NewElasticsearchSecurityApiKey(ctx, "elasticsearchSecurityApiKeyResource", &elasticstack.ElasticsearchSecurityApiKeyArgs{
Access: &elasticstack.ElasticsearchSecurityApiKeyAccessArgs{
Replications: elasticstack.ElasticsearchSecurityApiKeyAccessReplicationArray{
&elasticstack.ElasticsearchSecurityApiKeyAccessReplicationArgs{
Names: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Searches: elasticstack.ElasticsearchSecurityApiKeyAccessSearchArray{
&elasticstack.ElasticsearchSecurityApiKeyAccessSearchArgs{
Names: pulumi.StringArray{
pulumi.String("string"),
},
AllowRestrictedIndices: pulumi.Bool(false),
FieldSecurity: pulumi.String("string"),
Query: pulumi.String("string"),
},
},
},
Expiration: pulumi.String("string"),
Metadata: pulumi.String("string"),
Name: pulumi.String("string"),
RoleDescriptors: pulumi.String("string"),
Type: pulumi.String("string"),
})
var elasticsearchSecurityApiKeyResource = new ElasticsearchSecurityApiKey("elasticsearchSecurityApiKeyResource", ElasticsearchSecurityApiKeyArgs.builder()
.access(ElasticsearchSecurityApiKeyAccessArgs.builder()
.replications(ElasticsearchSecurityApiKeyAccessReplicationArgs.builder()
.names("string")
.build())
.searches(ElasticsearchSecurityApiKeyAccessSearchArgs.builder()
.names("string")
.allowRestrictedIndices(false)
.fieldSecurity("string")
.query("string")
.build())
.build())
.expiration("string")
.metadata("string")
.name("string")
.roleDescriptors("string")
.type("string")
.build());
elasticsearch_security_api_key_resource = elasticstack.ElasticsearchSecurityApiKey("elasticsearchSecurityApiKeyResource",
access={
"replications": [{
"names": ["string"],
}],
"searches": [{
"names": ["string"],
"allow_restricted_indices": False,
"field_security": "string",
"query": "string",
}],
},
expiration="string",
metadata="string",
name="string",
role_descriptors="string",
type="string")
const elasticsearchSecurityApiKeyResource = new elasticstack.ElasticsearchSecurityApiKey("elasticsearchSecurityApiKeyResource", {
access: {
replications: [{
names: ["string"],
}],
searches: [{
names: ["string"],
allowRestrictedIndices: false,
fieldSecurity: "string",
query: "string",
}],
},
expiration: "string",
metadata: "string",
name: "string",
roleDescriptors: "string",
type: "string",
});
type: elasticstack:ElasticsearchSecurityApiKey
properties:
access:
replications:
- names:
- string
searches:
- allowRestrictedIndices: false
fieldSecurity: string
names:
- string
query: string
expiration: string
metadata: string
name: string
roleDescriptors: string
type: string
ElasticsearchSecurityApiKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ElasticsearchSecurityApiKey resource accepts the following input properties:
- Access
Elasticsearch
Security Api Key Access - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- Elasticsearch
Connections List<ElasticsearchSecurity Api Key Elasticsearch Connection> - Elasticsearch connection configuration block.
- Expiration string
- Expiration time for the API key. By default, API keys never expire.
- Metadata string
- Arbitrary metadata that you want to associate with the API key.
- Name string
- Specifies the name for this API key.
- Role
Descriptors string - Role descriptors for this API key.
- Type string
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- Access
Elasticsearch
Security Api Key Access Args - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- Elasticsearch
Connections []ElasticsearchSecurity Api Key Elasticsearch Connection Args - Elasticsearch connection configuration block.
- Expiration string
- Expiration time for the API key. By default, API keys never expire.
- Metadata string
- Arbitrary metadata that you want to associate with the API key.
- Name string
- Specifies the name for this API key.
- Role
Descriptors string - Role descriptors for this API key.
- Type string
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- access
Elasticsearch
Security Api Key Access - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- elasticsearch
Connections List<ElasticsearchSecurity Api Key Elasticsearch Connection> - Elasticsearch connection configuration block.
- expiration String
- Expiration time for the API key. By default, API keys never expire.
- metadata String
- Arbitrary metadata that you want to associate with the API key.
- name String
- Specifies the name for this API key.
- role
Descriptors String - Role descriptors for this API key.
- type String
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- access
Elasticsearch
Security Api Key Access - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- elasticsearch
Connections ElasticsearchSecurity Api Key Elasticsearch Connection[] - Elasticsearch connection configuration block.
- expiration string
- Expiration time for the API key. By default, API keys never expire.
- metadata string
- Arbitrary metadata that you want to associate with the API key.
- name string
- Specifies the name for this API key.
- role
Descriptors string - Role descriptors for this API key.
- type string
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- access
Elasticsearch
Security Api Key Access Args - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- elasticsearch_
connections Sequence[ElasticsearchSecurity Api Key Elasticsearch Connection Args] - Elasticsearch connection configuration block.
- expiration str
- Expiration time for the API key. By default, API keys never expire.
- metadata str
- Arbitrary metadata that you want to associate with the API key.
- name str
- Specifies the name for this API key.
- role_
descriptors str - Role descriptors for this API key.
- type str
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- access Property Map
- Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- elasticsearch
Connections List<Property Map> - Elasticsearch connection configuration block.
- expiration String
- Expiration time for the API key. By default, API keys never expire.
- metadata String
- Arbitrary metadata that you want to associate with the API key.
- name String
- Specifies the name for this API key.
- role
Descriptors String - Role descriptors for this API key.
- type String
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
Outputs
All input properties are implicitly available as output properties. Additionally, the ElasticsearchSecurityApiKey resource produces the following output properties:
- Api
Key string - Generated API Key.
- Encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- Expiration
Timestamp double - Expiration time in milliseconds for the API key. By default, API keys never expire.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - Unique id for this API key.
- Api
Key string - Generated API Key.
- Encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- Expiration
Timestamp float64 - Expiration time in milliseconds for the API key. By default, API keys never expire.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - Unique id for this API key.
- api
Key String - Generated API Key.
- encoded String
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration
Timestamp Double - Expiration time in milliseconds for the API key. By default, API keys never expire.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - Unique id for this API key.
- api
Key string - Generated API Key.
- encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration
Timestamp number - Expiration time in milliseconds for the API key. By default, API keys never expire.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Id string - Unique id for this API key.
- api_
key str - Generated API Key.
- encoded str
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration_
timestamp float - Expiration time in milliseconds for the API key. By default, API keys never expire.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
id str - Unique id for this API key.
- api
Key String - Generated API Key.
- encoded String
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration
Timestamp Number - Expiration time in milliseconds for the API key. By default, API keys never expire.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - Unique id for this API key.
Look up Existing ElasticsearchSecurityApiKey Resource
Get an existing ElasticsearchSecurityApiKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ElasticsearchSecurityApiKeyState, opts?: CustomResourceOptions): ElasticsearchSecurityApiKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access: Optional[ElasticsearchSecurityApiKeyAccessArgs] = None,
api_key: Optional[str] = None,
elasticsearch_connections: Optional[Sequence[ElasticsearchSecurityApiKeyElasticsearchConnectionArgs]] = None,
encoded: Optional[str] = None,
expiration: Optional[str] = None,
expiration_timestamp: Optional[float] = None,
key_id: Optional[str] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
role_descriptors: Optional[str] = None,
type: Optional[str] = None) -> ElasticsearchSecurityApiKeyfunc GetElasticsearchSecurityApiKey(ctx *Context, name string, id IDInput, state *ElasticsearchSecurityApiKeyState, opts ...ResourceOption) (*ElasticsearchSecurityApiKey, error)public static ElasticsearchSecurityApiKey Get(string name, Input<string> id, ElasticsearchSecurityApiKeyState? state, CustomResourceOptions? opts = null)public static ElasticsearchSecurityApiKey get(String name, Output<String> id, ElasticsearchSecurityApiKeyState state, CustomResourceOptions options)resources: _: type: elasticstack:ElasticsearchSecurityApiKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Elasticsearch
Security Api Key Access - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- Api
Key string - Generated API Key.
- Elasticsearch
Connections List<ElasticsearchSecurity Api Key Elasticsearch Connection> - Elasticsearch connection configuration block.
- Encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- Expiration string
- Expiration time for the API key. By default, API keys never expire.
- Expiration
Timestamp double - Expiration time in milliseconds for the API key. By default, API keys never expire.
- Key
Id string - Unique id for this API key.
- Metadata string
- Arbitrary metadata that you want to associate with the API key.
- Name string
- Specifies the name for this API key.
- Role
Descriptors string - Role descriptors for this API key.
- Type string
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- Access
Elasticsearch
Security Api Key Access Args - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- Api
Key string - Generated API Key.
- Elasticsearch
Connections []ElasticsearchSecurity Api Key Elasticsearch Connection Args - Elasticsearch connection configuration block.
- Encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- Expiration string
- Expiration time for the API key. By default, API keys never expire.
- Expiration
Timestamp float64 - Expiration time in milliseconds for the API key. By default, API keys never expire.
- Key
Id string - Unique id for this API key.
- Metadata string
- Arbitrary metadata that you want to associate with the API key.
- Name string
- Specifies the name for this API key.
- Role
Descriptors string - Role descriptors for this API key.
- Type string
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- access
Elasticsearch
Security Api Key Access - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- api
Key String - Generated API Key.
- elasticsearch
Connections List<ElasticsearchSecurity Api Key Elasticsearch Connection> - Elasticsearch connection configuration block.
- encoded String
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration String
- Expiration time for the API key. By default, API keys never expire.
- expiration
Timestamp Double - Expiration time in milliseconds for the API key. By default, API keys never expire.
- key
Id String - Unique id for this API key.
- metadata String
- Arbitrary metadata that you want to associate with the API key.
- name String
- Specifies the name for this API key.
- role
Descriptors String - Role descriptors for this API key.
- type String
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- access
Elasticsearch
Security Api Key Access - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- api
Key string - Generated API Key.
- elasticsearch
Connections ElasticsearchSecurity Api Key Elasticsearch Connection[] - Elasticsearch connection configuration block.
- encoded string
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration string
- Expiration time for the API key. By default, API keys never expire.
- expiration
Timestamp number - Expiration time in milliseconds for the API key. By default, API keys never expire.
- key
Id string - Unique id for this API key.
- metadata string
- Arbitrary metadata that you want to associate with the API key.
- name string
- Specifies the name for this API key.
- role
Descriptors string - Role descriptors for this API key.
- type string
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- access
Elasticsearch
Security Api Key Access Args - Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- api_
key str - Generated API Key.
- elasticsearch_
connections Sequence[ElasticsearchSecurity Api Key Elasticsearch Connection Args] - Elasticsearch connection configuration block.
- encoded str
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration str
- Expiration time for the API key. By default, API keys never expire.
- expiration_
timestamp float - Expiration time in milliseconds for the API key. By default, API keys never expire.
- key_
id str - Unique id for this API key.
- metadata str
- Arbitrary metadata that you want to associate with the API key.
- name str
- Specifies the name for this API key.
- role_
descriptors str - Role descriptors for this API key.
- type str
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
- access Property Map
- Access configuration for cross-cluster API keys. Only applicable when type is 'cross_cluster'.
- api
Key String - Generated API Key.
- elasticsearch
Connections List<Property Map> - Elasticsearch connection configuration block.
- encoded String
- API key credentials which is the Base64-encoding of the UTF-8 representation of the id and api_key joined by a colon (:).
- expiration String
- Expiration time for the API key. By default, API keys never expire.
- expiration
Timestamp Number - Expiration time in milliseconds for the API key. By default, API keys never expire.
- key
Id String - Unique id for this API key.
- metadata String
- Arbitrary metadata that you want to associate with the API key.
- name String
- Specifies the name for this API key.
- role
Descriptors String - Role descriptors for this API key.
- type String
- The type of API key. Valid values are 'rest' (default) and 'cross_cluster'. Cross-cluster API keys are used for cross-cluster search and replication.
Supporting Types
ElasticsearchSecurityApiKeyAccess, ElasticsearchSecurityApiKeyAccessArgs
- Replications
List<Elasticsearch
Security Api Key Access Replication> - A list of replication configurations for which the cross-cluster API key will have replication privileges.
- Searches
List<Elasticsearch
Security Api Key Access Search> - A list of search configurations for which the cross-cluster API key will have search privileges.
- Replications
[]Elasticsearch
Security Api Key Access Replication - A list of replication configurations for which the cross-cluster API key will have replication privileges.
- Searches
[]Elasticsearch
Security Api Key Access Search - A list of search configurations for which the cross-cluster API key will have search privileges.
- replications
List<Elasticsearch
Security Api Key Access Replication> - A list of replication configurations for which the cross-cluster API key will have replication privileges.
- searches
List<Elasticsearch
Security Api Key Access Search> - A list of search configurations for which the cross-cluster API key will have search privileges.
- replications
Elasticsearch
Security Api Key Access Replication[] - A list of replication configurations for which the cross-cluster API key will have replication privileges.
- searches
Elasticsearch
Security Api Key Access Search[] - A list of search configurations for which the cross-cluster API key will have search privileges.
- replications
Sequence[Elasticsearch
Security Api Key Access Replication] - A list of replication configurations for which the cross-cluster API key will have replication privileges.
- searches
Sequence[Elasticsearch
Security Api Key Access Search] - A list of search configurations for which the cross-cluster API key will have search privileges.
- replications List<Property Map>
- A list of replication configurations for which the cross-cluster API key will have replication privileges.
- searches List<Property Map>
- A list of search configurations for which the cross-cluster API key will have search privileges.
ElasticsearchSecurityApiKeyAccessReplication, ElasticsearchSecurityApiKeyAccessReplicationArgs
- Names List<string>
- A list of index patterns for replication.
- Names []string
- A list of index patterns for replication.
- names List<String>
- A list of index patterns for replication.
- names string[]
- A list of index patterns for replication.
- names Sequence[str]
- A list of index patterns for replication.
- names List<String>
- A list of index patterns for replication.
ElasticsearchSecurityApiKeyAccessSearch, ElasticsearchSecurityApiKeyAccessSearchArgs
- Names List<string>
- A list of index patterns for search.
- Allow
Restricted boolIndices - Whether to allow access to restricted indices.
- Field
Security string - Field-level security configuration in JSON format.
- Query string
- Query to filter documents for search operations in JSON format.
- Names []string
- A list of index patterns for search.
- Allow
Restricted boolIndices - Whether to allow access to restricted indices.
- Field
Security string - Field-level security configuration in JSON format.
- Query string
- Query to filter documents for search operations in JSON format.
- names List<String>
- A list of index patterns for search.
- allow
Restricted BooleanIndices - Whether to allow access to restricted indices.
- field
Security String - Field-level security configuration in JSON format.
- query String
- Query to filter documents for search operations in JSON format.
- names string[]
- A list of index patterns for search.
- allow
Restricted booleanIndices - Whether to allow access to restricted indices.
- field
Security string - Field-level security configuration in JSON format.
- query string
- Query to filter documents for search operations in JSON format.
- names Sequence[str]
- A list of index patterns for search.
- allow_
restricted_ boolindices - Whether to allow access to restricted indices.
- field_
security str - Field-level security configuration in JSON format.
- query str
- Query to filter documents for search operations in JSON format.
- names List<String>
- A list of index patterns for search.
- allow
Restricted BooleanIndices - Whether to allow access to restricted indices.
- field
Security String - Field-level security configuration in JSON format.
- query String
- Query to filter documents for search operations in JSON format.
ElasticsearchSecurityApiKeyElasticsearchConnection, ElasticsearchSecurityApiKeyElasticsearchConnectionArgs
- Api
Key string - API Key to use for authentication to Elasticsearch
- Bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- Ca
Data string - PEM-encoded custom Certificate Authority certificate
- Ca
File string - Path to a custom Certificate Authority certificate
- Cert
Data string - PEM encoded certificate for client auth
- Cert
File string - Path to a file containing the PEM encoded certificate for client auth
- Endpoints List<string>
- Es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- Headers Dictionary<string, string>
- A list of headers to be sent with each request to Elasticsearch.
- Insecure bool
- Disable TLS certificate validation
- Key
Data string - PEM encoded private key for client auth
- Key
File string - Path to a file containing the PEM encoded private key for client auth
- Password string
- Password to use for API authentication to Elasticsearch.
- Username string
- Username to use for API authentication to Elasticsearch.
- Api
Key string - API Key to use for authentication to Elasticsearch
- Bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- Ca
Data string - PEM-encoded custom Certificate Authority certificate
- Ca
File string - Path to a custom Certificate Authority certificate
- Cert
Data string - PEM encoded certificate for client auth
- Cert
File string - Path to a file containing the PEM encoded certificate for client auth
- Endpoints []string
- Es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- Headers map[string]string
- A list of headers to be sent with each request to Elasticsearch.
- Insecure bool
- Disable TLS certificate validation
- Key
Data string - PEM encoded private key for client auth
- Key
File string - Path to a file containing the PEM encoded private key for client auth
- Password string
- Password to use for API authentication to Elasticsearch.
- Username string
- Username to use for API authentication to Elasticsearch.
- api
Key String - API Key to use for authentication to Elasticsearch
- bearer
Token String - Bearer Token to use for authentication to Elasticsearch
- ca
Data String - PEM-encoded custom Certificate Authority certificate
- ca
File String - Path to a custom Certificate Authority certificate
- cert
Data String - PEM encoded certificate for client auth
- cert
File String - Path to a file containing the PEM encoded certificate for client auth
- endpoints List<String>
- es
Client StringAuthentication - ES Client Authentication field to be used with the JWT token
- headers Map<String,String>
- A list of headers to be sent with each request to Elasticsearch.
- insecure Boolean
- Disable TLS certificate validation
- key
Data String - PEM encoded private key for client auth
- key
File String - Path to a file containing the PEM encoded private key for client auth
- password String
- Password to use for API authentication to Elasticsearch.
- username String
- Username to use for API authentication to Elasticsearch.
- api
Key string - API Key to use for authentication to Elasticsearch
- bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- ca
Data string - PEM-encoded custom Certificate Authority certificate
- ca
File string - Path to a custom Certificate Authority certificate
- cert
Data string - PEM encoded certificate for client auth
- cert
File string - Path to a file containing the PEM encoded certificate for client auth
- endpoints string[]
- es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- headers {[key: string]: string}
- A list of headers to be sent with each request to Elasticsearch.
- insecure boolean
- Disable TLS certificate validation
- key
Data string - PEM encoded private key for client auth
- key
File string - Path to a file containing the PEM encoded private key for client auth
- password string
- Password to use for API authentication to Elasticsearch.
- username string
- Username to use for API authentication to Elasticsearch.
- api_
key str - API Key to use for authentication to Elasticsearch
- bearer_
token str - Bearer Token to use for authentication to Elasticsearch
- ca_
data str - PEM-encoded custom Certificate Authority certificate
- ca_
file str - Path to a custom Certificate Authority certificate
- cert_
data str - PEM encoded certificate for client auth
- cert_
file str - Path to a file containing the PEM encoded certificate for client auth
- endpoints Sequence[str]
- es_
client_ strauthentication - ES Client Authentication field to be used with the JWT token
- headers Mapping[str, str]
- A list of headers to be sent with each request to Elasticsearch.
- insecure bool
- Disable TLS certificate validation
- key_
data str - PEM encoded private key for client auth
- key_
file str - Path to a file containing the PEM encoded private key for client auth
- password str
- Password to use for API authentication to Elasticsearch.
- username str
- Username to use for API authentication to Elasticsearch.
- api
Key String - API Key to use for authentication to Elasticsearch
- bearer
Token String - Bearer Token to use for authentication to Elasticsearch
- ca
Data String - PEM-encoded custom Certificate Authority certificate
- ca
File String - Path to a custom Certificate Authority certificate
- cert
Data String - PEM encoded certificate for client auth
- cert
File String - Path to a file containing the PEM encoded certificate for client auth
- endpoints List<String>
- es
Client StringAuthentication - ES Client Authentication field to be used with the JWT token
- headers Map<String>
- A list of headers to be sent with each request to Elasticsearch.
- insecure Boolean
- Disable TLS certificate validation
- key
Data String - PEM encoded private key for client auth
- key
File String - Path to a file containing the PEM encoded private key for client auth
- password String
- Password to use for API authentication to Elasticsearch.
- username String
- Username to use for API authentication to Elasticsearch.
Package Details
- Repository
- elasticstack elastic/terraform-provider-elasticstack
- License
- Notes
- This Pulumi package is based on the
elasticstackTerraform Provider.
elasticstack 0.12.1 published on Thursday, Oct 23, 2025 by elastic
