Get service accounts APIedit
Retrieves information about service accounts.
Currently, only the elastic/fleet-server
service account is available.
Requestedit
GET /_security/service
GET /_security/service/<namespace>
GET /_security/service/<namespace>/<service>
Prerequisitesedit
-
To use this API, you must have at least the
manage_service_account
cluster privilege.
Descriptionedit
This API returns a list of service accounts that match the provided path parameter(s).
Path parametersedit
-
namespace
-
(Optional, string) Name of the namespace. Omit this parameter to retrieve information about all service accounts. If you omit this parameter, you must also omit the
service
parameter. -
service
-
(Optional, string) Name of the service name. Omit this parameter to
retrieve information about all service accounts that belong to the specified
namespace
.
Response bodyedit
A successful call returns a JSON object of service accounts. The API returns an empty object if no service account is found.
Examplesedit
To following request retrieves a service account for the elastic/fleet-server
service account:
GET /_security/service/elastic/fleet-server
{ "elastic/fleet-server": { "role_descriptor": { "cluster": [ "monitor", "manage_own_api_key", "read_fleet_secrets" ], "indices": [ { "names": [ "logs-*", "metrics-*", "traces-*", ".logs-endpoint.diagnostic.collection-*", ".logs-endpoint.action.responses-*", ".logs-endpoint.heartbeat-*" ], "privileges": [ "write", "create_index", "auto_configure" ], "allow_restricted_indices": false }, { "names": [ "profiling-*" ], "privileges": [ "read", "write", "auto_configure" ], "allow_restricted_indices": false }, { "names": [ "traces-apm.sampled-*" ], "privileges": [ "read", "monitor", "maintenance" ], "allow_restricted_indices": false }, { "names": [ ".fleet-secrets*" ], "privileges": [ "read" ], "allow_restricted_indices": true }, { "names": [ ".fleet-actions*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-agents*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-artifacts*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-enrollment-api-keys*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-policies*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-policies-leader*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-servers*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ ".fleet-fileds*" ], "privileges": [ "read", "write", "monitor", "create_index", "auto_configure", "maintenance" ], "allow_restricted_indices": true }, { "names": [ "synthetics-*" ], "privileges": [ "read", "write", "create_index", "auto_configure" ], "allow_restricted_indices": false } ], "applications": [ { "application": "kibana-*", "privileges": [ "reserved_fleet-setup" ], "resources": [ "*" ] } ], "run_as": [], "metadata": {}, "transient_metadata": { "enabled": true } } } }
Omit the namespace
and service
to retrieve all service accounts:
GET /_security/service