Back to Details

cloud-manage-project

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Manage Serverless Project

管理Serverless项目

Perform day-2 operations on Elastic Cloud Serverless projects using the Serverless REST API.
使用Serverless REST API对Elastic Cloud Serverless项目执行日常运维(Day-2)操作。

Prerequisites and permissions

前提条件与权限

  • Ensure 
    EC_API_KEY
    is configured. If not, run 
    cloud-setup
    skill first.
  • Updating project settings requires Admin or Editor role on the target project.
  • This skill does not perform a separate role pre-check. Attempt the requested operation and let the API enforce authorization. If the API returns an authorization error (for example, 
    403 Forbidden
    ), stop and ask the user to verify the provided API key permissions.
  • 确保已配置
    EC_API_KEY
    。如果未配置,请先运行
    cloud-setup
    技能。
  • 更新项目设置需要目标项目的管理员编辑者角色。
  • 本技能不会单独进行角色预检查。直接尝试请求的操作,由API强制执行授权。如果API返回授权错误(例如
    403 Forbidden
    ),请停止操作并告知用户验证其提供的API密钥权限。

Manual setup fallback (when 
cloud-setup
is unavailable)

手动设置备选方案(当
cloud-setup
不可用时)

If this skill is installed standalone and 
cloud-setup
is not available, instruct the user to configure Cloud environment variables manually before running commands. Never ask the user to paste API keys in chat.
VariableRequiredDescription
EC_API_KEY
YesElastic Cloud API key used for project management operations.
EC_BASE_URL
NoCloud API base URL (default: 
https://api.elastic-cloud.com
).
Note: If 
EC_API_KEY
is missing, or the user does not have a Cloud API key yet, direct the user to generate one at Elastic Cloud API keys, then configure it locally using the steps below.
Preferred method (agent-friendly): create a 
.env
file in the project root:
bash
EC_API_KEY=your-api-key
EC_BASE_URL=https://api.elastic-cloud.com
All 
cloud/*
scripts auto-load 
.env
from the working directory.
Alternative: export directly in the terminal:
bash
export EC_API_KEY="<your-cloud-api-key>"
export EC_BASE_URL="https://api.elastic-cloud.com"
Terminal exports may not be visible to sandboxed agents running in separate shell sessions, so prefer 
.env
when using an agent.
如果本技能是独立安装且
cloud-setup
不可用,请指导用户在运行命令前手动配置Cloud环境变量。切勿要求用户在聊天中粘贴API密钥。
变量名称是否必填说明
EC_API_KEY
用于项目管理操作的Elastic Cloud API密钥。
EC_BASE_URL
Cloud API基础URL(默认值:
https://api.elastic-cloud.com
)。
注意: 如果缺少
EC_API_KEY
,或者用户还没有Cloud API密钥,请引导用户前往Elastic Cloud API keys生成,然后按照以下步骤在本地配置。
推荐方式(适配Agent):在项目根目录创建
.env
文件:
bash
EC_API_KEY=your-api-key
EC_BASE_URL=https://api.elastic-cloud.com
所有
cloud/*
脚本会自动从工作目录加载
.env
文件。
备选方式:在终端直接导出:
bash
export EC_API_KEY="<your-cloud-api-key>"
export EC_BASE_URL="https://api.elastic-cloud.com"
终端导出的变量可能无法被运行在独立Shell会话中的沙箱Agent识别,因此使用Agent时优先选择
.env
方式。

Critical principles

核心原则

  • Never display secrets in chat. Do not echo, log, or repeat API keys, passwords, or credentials in conversation messages or agent thinking. Direct the user to the 
    .elastic-credentials
    file instead. The admin password must never appear in chat history, thinking traces, or agent output — even when using it to create an API key, pass it directly via shell variable substitution without echoing.
  • Confirm before destructive actions. Always ask the user to confirm before deleting a project or resetting credentials.
  • Credentials are saved to file. After a credential reset, the script writes the new password to 
    .elastic-credentials
    automatically. The password is redacted from stdout. Never read or display the contents of 
    .elastic-credentials
    in chat.
  • Admin credentials are for API key creation only. The 
    admin
    password saved by 
    create-project
    and 
    reset-credentials
    exists solely to bootstrap a scoped API key — never use it for direct Elasticsearch operations. 
    load-credentials
    excludes admin credentials by default; pass 
    --include-admin
    only for key creation.
  • Always prefer API keys. Do not proceed with Elasticsearch operations until an 
    ELASTICSEARCH_API_KEY
    is set. If only admin credentials are available, create a scoped API key via 
    elasticsearch-authn
    . If that skill is not installed, ask the user to install it or create the key manually in Kibana > Stack Management > API keys.
  • Identify projects by type and ID. Every command requires both 
    --type
    and 
    --id
    (except 
    list
    , which only needs 
    --type
    ).
  • Two kinds of API keys. This skill uses the Cloud API key (
    EC_API_KEY
    ) for project management operations (list, get, update, delete). Elasticsearch operations require a separate Elasticsearch API key (
    ELASTICSEARCH_API_KEY
    ) that authenticates against the project's Elasticsearch endpoint. Do not confuse the two.
  • 切勿在聊天中显示机密信息。不要在对话消息或Agent的思考过程中回显、记录或重复API密钥、密码或凭证。请引导用户查看
    .elastic-credentials
    文件。管理员密码绝对不能出现在聊天记录、思考轨迹或Agent输出中——即使在创建API密钥时使用它,也要通过Shell变量替换直接传递,切勿回显。
  • 执行破坏性操作前需确认。在删除项目或重置凭证前,务必先征得用户确认。
  • 凭证保存至文件。重置凭证后,脚本会自动将新密码写入
    .elastic-credentials
    文件。密码会在标准输出中被脱敏处理。切勿在聊天中读取或显示
    .elastic-credentials
    的内容。
  • 管理员凭证仅用于创建API密钥
    create-project
    reset-credentials
    保存的
    admin
    密码仅用于引导生成范围限定的API密钥——切勿将其用于直接的Elasticsearch操作。
    load-credentials
    默认会排除管理员凭证;仅在创建密钥时使用
    --include-admin
    参数。
  • 优先使用API密钥。在设置好
    ELASTICSEARCH_API_KEY
    前,不要进行Elasticsearch操作。如果只有管理员凭证可用,请通过
    elasticsearch-authn
    创建范围限定的API密钥。如果该技能未安装,请告知用户安装它,或在Kibana > Stack Management > API keys中手动创建密钥。
  • 通过类型和ID识别项目。除
    list
    命令仅需
    --type
    外,所有命令都需要同时指定
    --type
    --id
  • 两种不同的API密钥。本技能使用Cloud API密钥
    EC_API_KEY
    )执行项目管理操作(列出、获取、更新、删除)。Elasticsearch操作需要单独的Elasticsearch API密钥
    ELASTICSEARCH_API_KEY
    ),用于对项目的Elasticsearch端点进行身份验证。请勿混淆这两种密钥。

Workflow: Connect to an existing project

工作流:连接现有项目

Use this workflow when the user asks to query or manage a project the agent did not create in the current session. It resolves the project, saves its endpoints, and ensures working Elasticsearch credentials before proceeding.
This workflow only applies to Elastic Cloud Serverless projects. If the user's Elasticsearch instance is self-managed or Elastic Cloud Hosted, this skill does not apply — skip it and proceed with the relevant skill directly. If unsure, ask the user: "Is your Elasticsearch instance an Elastic Cloud Serverless project?"
text
Connect to Existing Project:
- [ ] Step 1: Resolve the project
- [ ] Step 2: Get project details and load credentials
- [ ] Step 3: Acquire Elasticsearch credentials
当用户要求查询或管理Agent在当前会话中未创建的项目时,使用此工作流。它会解析项目、保存其端点,并确保Elasticsearch凭证可用。
本工作流仅适用于Elastic Cloud Serverless项目。如果用户的Elasticsearch实例是自托管或Elastic Cloud托管版,本技能不适用——请跳过并直接使用相关技能。如有疑问,请询问用户:"您的Elasticsearch实例是Elastic Cloud Serverless项目吗?"
text
连接现有项目:
- [ ] 步骤1:解析项目
- [ ] 步骤2:获取项目详情并加载凭证
- [ ] 步骤3:获取Elasticsearch凭证

Step 1: Resolve the project

步骤1:解析项目

Ask the user for the project name if not already provided. Infer the project type from the user's request:
User says
--type
"search project", "elasticsearch project", vector search
elasticsearch
"observability project", "o11y", logs, metrics, traces, APM
observability
"security project", "SIEM", detections, endpoint protection
security
If the type is ambiguous, list all three types to find the project.
bash
python3 skills/cloud/manage-project/scripts/manage-project.py list \
  --type elasticsearch
Match the user's reference (name, partial name, or alias) against the list results. If multiple projects match or none match, present the candidates and ask the user to pick.
如果用户未提供项目名称,请询问用户。根据用户的请求推断项目类型:
用户表述
--type
"搜索项目"、"elasticsearch项目"、向量搜索
elasticsearch
"可观测性项目"、"o11y"、日志、指标、链路、APM
observability
"安全项目"、"SIEM"、检测、终端防护
security
如果类型不明确,请列出所有三种类型以查找项目。
bash
python3 skills/cloud/manage-project/scripts/manage-project.py list \
  --type elasticsearch
将用户提及的内容(名称、部分名称或别名)与列表结果匹配。如果有多个项目匹配或无匹配项,请展示候选项目并让用户选择。

Step 2: Get project details and load credentials

步骤2:获取项目详情并加载凭证

Once a single project is identified, check whether 
.elastic-credentials
already has entries for this project (from a previous session). If so, load them with 
load-credentials
:
bash
eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
This sets all saved environment variables for the project — endpoints and any previously created Elasticsearch API keys — in a single command. Admin credentials (
ELASTICSEARCH_USERNAME
/
ELASTICSEARCH_PASSWORD
) are intentionally excluded. Later sections for the same project automatically overwrite earlier values, so the most recent credentials always win.
If 
load-credentials
reports no matching entries, fetch the project details from the API and export endpoints manually:
bash
python3 skills/cloud/manage-project/scripts/manage-project.py get \
  --type elasticsearch \
  --id <project-id>
Then export the endpoint URLs from the response. The available endpoints depend on the project type.
All project types:
bash
export ELASTICSEARCH_URL="<elasticsearch_endpoint>"
export KIBANA_URL="<kibana_endpoint>"
Observability projects (additional):
bash
export APM_URL="<apm_endpoint>"
export INGEST_URL="<ingest_endpoint>"
Security projects (additional):
bash
export INGEST_URL="<ingest_endpoint>"
一旦确定单个项目,请检查
.elastic-credentials
中是否已有该项目的条目(来自之前的会话)。如果有,使用
load-credentials
加载:
bash
eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
此命令会一次性设置该项目的所有已保存环境变量——包括端点和之前创建的任何Elasticsearch API密钥。管理员凭证(
ELASTICSEARCH_USERNAME
/
ELASTICSEARCH_PASSWORD
)会被有意排除。同一项目的后续操作会自动覆盖之前的值,因此始终使用最新的凭证。
如果
load-credentials
报告无匹配条目,请从API获取项目详情并手动导出端点:
bash
python3 skills/cloud/manage-project/scripts/manage-project.py get \
  --type elasticsearch \
  --id <project-id>
然后从响应中导出端点URL。可用端点取决于项目类型。
所有项目类型:
bash
export ELASTICSEARCH_URL="<elasticsearch_endpoint>"
export KIBANA_URL="<kibana_endpoint>"
可观测性项目(额外端点):
bash
export APM_URL="<apm_endpoint>"
export INGEST_URL="<ingest_endpoint>"
安全项目(额外端点):
bash
export INGEST_URL="<ingest_endpoint>"

Step 3: Acquire Elasticsearch credentials

步骤3:获取Elasticsearch凭证

If 
load-credentials
set 
ELASTICSEARCH_API_KEY
, verify the credentials work:
bash
curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
  "${ELASTICSEARCH_URL}/_security/_authenticate"
Confirm the response contains a valid 
username
and 
"authentication_type": "api_key"
before proceeding. If verification succeeds, skip the rest of this step.
If no credentials were loaded, or verification fails, ask the user: "Do you have an existing Elasticsearch API key for this project?"
If yes — have the user add it to 
.elastic-credentials
(see "Credential file format"). Do not accept keys in chat. Reload and verify:
bash
eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
  "${ELASTICSEARCH_URL}/_security/_authenticate"
If no — follow this recovery path:
  1. Confirm with the user, then reset the admin bootstrap credentials:
    bash
    python3 skills/cloud/manage-project/scripts/manage-project.py reset-credentials \
  --type elasticsearch \
  --id <project-id>
    The new password is saved to 
    .elastic-credentials
    with the project name in the header. Direct the user to that file — do not display its contents.
  2. Load credentials with 
    --include-admin
     so the admin password is available for API key creation:
    bash
    eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>" --include-admin)
    Use the admin credentials to create a scoped Elasticsearch API key via 
    elasticsearch-authn
    if available. If that skill is not installed, ask the user to install it or create the key manually in Kibana > Stack Management > API keys. Scope the key to only the privileges the user needs.
  3. After creating the API key, save it to 
    .elastic-credentials
    using the project-specific header format (see "Credential file format" below). Then reload without 
    --include-admin
     to drop admin credentials from the environment and verify:
    bash
    eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
  "${ELASTICSEARCH_URL}/_security/_authenticate"
    Confirm the response shows a valid 
    username
    and 
    "authentication_type": "api_key"
    before proceeding.
如果
load-credentials
已设置
ELASTICSEARCH_API_KEY
,请验证凭证是否可用:
bash
curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
  "${ELASTICSEARCH_URL}/_security/_authenticate"
在继续操作前,请确认响应中包含有效的
username
"authentication_type": "api_key"
。如果验证成功,请跳过此步骤的剩余部分。
如果未加载任何凭证,或验证失败,请询问用户:"您是否有此项目的现有Elasticsearch API密钥?"
如果有 — 让用户将密钥添加到
.elastic-credentials
中(请参阅"凭证文件格式")。请勿在聊天中接收密钥。重新加载并验证:
bash
eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
  "${ELASTICSEARCH_URL}/_security/_authenticate"
如果没有 — 按照以下恢复流程操作:
  1. 征得用户确认后,重置管理员引导凭证:
    bash
    python3 skills/cloud/manage-project/scripts/manage-project.py reset-credentials \
  --type elasticsearch \
  --id <project-id>
    新密码会自动保存到
    .elastic-credentials
    中,并带有项目名称的头部。引导用户查看该文件——不要显示其内容。
  2. 使用
    --include-admin
    参数加载凭证,以便管理员密码可用于创建API密钥:
    bash
    eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>" --include-admin)
    如果
    elasticsearch-authn
    可用,请使用管理员凭证通过该技能创建范围限定的Elasticsearch API密钥。如果该技能未安装,请告知用户安装它,或在Kibana > Stack Management > API keys中手动创建密钥。将密钥的权限范围限定为用户所需的最小权限。
  3. 创建API密钥后,将其保存到
    .elastic-credentials
    中(使用项目特定的头部格式,请参阅"凭证文件格式")。然后不使用
    --include-admin
    参数重新加载,以从环境中移除管理员凭证并验证:
    bash
    eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
  "${ELASTICSEARCH_URL}/_security/_authenticate"
    在继续操作前,请确认响应中显示有效的
    username
    "authentication_type": "api_key"

Credential file format

凭证文件格式

See references/credential-file-format.md for the full format specification.
请参阅references/credential-file-format.md获取完整的格式规范。

Workflow: Load project credentials

工作流:加载项目凭证

bash
eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
Or by project ID:
bash
eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --id <project-id>)
Parses 
.elastic-credentials
, merges all sections for the matching project, and prints 
export
statements. Admin credentials (
ELASTICSEARCH_USERNAME
/
ELASTICSEARCH_PASSWORD
) are excluded by default — only endpoints and API keys are exported. Add 
--include-admin
when you need admin credentials to create an API key.
bash
eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
或通过项目ID加载:
bash
eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --id <project-id>)
解析
.elastic-credentials
,合并匹配项目的所有部分,并打印
export
语句。默认会排除管理员凭证(
ELASTICSEARCH_USERNAME
/
ELASTICSEARCH_PASSWORD
)——仅导出端点和API密钥。在需要管理员凭证创建API密钥时,添加
--include-admin
参数。

Workflow: List projects

工作流:列出项目

bash
python3 skills/cloud/manage-project/scripts/manage-project.py list \
  --type elasticsearch
Use 
--type observability
or 
--type security
to list other project types.
bash
python3 skills/cloud/manage-project/scripts/manage-project.py list \
  --type elasticsearch
使用
--type observability
--type security
列出其他类型的项目。

Workflow: Get project details

工作流:获取项目详情

bash
python3 skills/cloud/manage-project/scripts/manage-project.py get \
  --type elasticsearch \
  --id <project-id>
bash
python3 skills/cloud/manage-project/scripts/manage-project.py get \
  --type elasticsearch \
  --id <project-id>

Workflow: Update a project

工作流:更新项目

bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --name "new-project-name"
Only the fields provided are updated (PATCH semantics). Supported fields: 
--name
, 
--alias
, 
--tag
, 
--search-power
, 
--boost-window
, 
--max-retention-days
, 
--default-retention-days
.
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --name "new-project-name"
仅更新提供的字段(PATCH语义)。支持的字段:
--name
--alias
--tag
--search-power
--boost-window
--max-retention-days
--default-retention-days

Alias

别名

The alias is an RFC-1035 domain label (lowercase alphanumeric and hyphens, max 50 chars) that becomes part of the project's endpoint URLs. Changing the alias changes all endpoint URLs, which breaks existing clients pointing to the old URLs. Warn the user about this before applying.
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --alias "prod-search"
别名是符合RFC-1035的域名标签(小写字母、数字和连字符,最多50个字符),会成为项目端点URL的一部分。更改别名会更改所有端点URL,这会导致指向旧URL的现有客户端无法正常工作。在应用更改前,请提醒用户这一点。
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --alias "prod-search"

Tags

标签

Tags are key-value metadata pairs for team tracking, cost attribution, and organization. Pass 
--tag KEY:VALUE
for each tag. Multiple tags can be set in a single update.
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --tag env:prod \
  --tag team:search
Tags are sent as 
metadata.tags
in the API request. Setting tags replaces all existing tags on the project — include any existing tags the user wants to keep.
标签是用于团队跟踪、成本归属和组织的键值元数据对。每个标签使用
--tag KEY:VALUE
传递。可以在一次更新中设置多个标签。
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --tag env:prod \
  --tag team:search
标签会作为
metadata.tags
在API请求中发送。设置标签会替换项目上的所有现有标签——请包含用户希望保留的任何现有标签。

Elasticsearch search_lake settings

Elasticsearch search_lake设置

For Elasticsearch projects, two fields control query performance and data caching in the Search AI Lake. Ingested data is stored in cost-efficient general storage. A cache layer on top provides faster search speed for recent and frequently queried data — this cached data is considered search-ready.
FlagRangeDescription
--search-power
28–3000Query performance level. Higher values improve performance but increase cost
--boost-window
1–180Days of data eligible for boosted caching (default: 7)
对于Elasticsearch项目,有两个字段控制Search AI Lake中的查询性能和数据缓存。摄入的数据会存储在成本效益高的通用存储中。顶部的缓存层可为最近和频繁查询的数据提供更快的搜索速度——这些缓存数据被视为搜索就绪
标志范围说明
--search-power
28–3000查询性能级别。值越高,性能越好,但成本也越高
--boost-window
1–180符合增强缓存条件的数据天数(默认值:7)

Search Power

搜索性能(Search Power)

Search Power controls the speed of searches by provisioning more or fewer query resources. Common presets (matching the Cloud UI):
ValuePresetBehavior
28On-demandAutoscales with lower baseline. More variable latency, reduced max throughput
100PerformantConsistently low latency, autoscales for moderately high throughput
250High availabilityOptimized for high-throughput scenarios, maintains low latency at high volumes
When the user asks for a preset by name, map it to the corresponding value. Custom values within 28–3000 are also valid.
Warn the user about cost implications before updating 
search_power
. Higher values increase VCU consumption and may result in higher bills. Confirm the new value with the user before applying.
搜索性能通过配置更多或更少的查询资源来控制搜索速度。常见预设(与Cloud UI匹配):
预设名称行为描述
28按需(On-demand)自动扩缩容,基线较低。延迟变化较大,最大吞吐量降低
100高性能(Performant)持续低延迟,针对中等高吞吐量自动扩缩容
250高可用(High availability)针对高吞吐量场景优化,在高负载下保持低延迟
当用户按名称请求预设时,将其映射到对应的值。28–3000范围内的自定义值也有效。
在更新
search_power
前,请提醒用户注意成本影响。 值越高,VCU消耗越多,可能导致账单金额增加。在应用前,请与用户确认新值。

Search Boost Window

搜索增强窗口(Search Boost Window)

Non-time-series data is always search-ready. The boost window determines how much time-series data (documents with a 
@timestamp
field) is also kept in the fast cache layer. Increasing the window means a larger portion of time-series data becomes search-ready, which improves query speed for recent data but increases the search-ready data volume.
非时间序列数据始终是搜索就绪的。增强窗口决定了有多少时间序列数据(带有
@timestamp
字段的文档)也会被保存在快速缓存层中。增大窗口意味着更大比例的时间序列数据变为搜索就绪,这会提高近期数据的查询速度,但会增加搜索就绪数据的体积。

Security data retention settings

安全项目的数据保留设置

For security projects, two fields control how long data is retained in the Search AI Lake. Retention is configured per data stream, but these project-level settings enforce global boundaries.
FlagUnitDescription
--max-retention-days
daysMaximum retention period for any data stream in the project
--default-retention-days
daysDefault retention applied to data streams without a custom one
  • Maximum retention — enforces an upper bound across all data streams. When lowered, it replaces the retention for any stream that currently has a longer period. Data older than the new maximum is permanently deleted.
  • Default retention — automatically applied to data streams that do not have a custom retention period set. Does not affect streams with an existing custom retention.
Warn the user before reducing 
max-retention-days
. Lowering the maximum permanently deletes data older than the new limit. Confirm the new value with the user before applying.
对于安全项目,有两个字段控制Search AI Lake中数据的保留时间。保留时间是按数据流配置的,但这些项目级设置会强制执行全局限制。
标志单位说明
--max-retention-days
项目中任何数据流的最大保留周期
--default-retention-days
应用于未设置自定义保留周期的数据流的默认保留周期
  • 最大保留周期 — 对所有数据流强制执行上限。当降低此值时,会替换当前保留周期较长的数据流的设置。超过新最大保留周期的数据会被永久删除
  • 默认保留周期 — 自动应用于未设置自定义保留周期的数据流。不会影响已有自定义保留周期的数据流。
在降低
max-retention-days
前,请提醒用户。 降低最大值会永久删除超过新限制的旧数据。在应用前,请与用户确认新值。

Workflow: Reset project credentials

工作流:重置项目凭证

Always confirm with the user before resetting.
bash
python3 skills/cloud/manage-project/scripts/manage-project.py reset-credentials \
  --type elasticsearch \
  --id <project-id>
The new password is saved to 
.elastic-credentials
automatically. Tell the user to open that file — do not display its contents in chat.
重置前务必征得用户确认。
bash
python3 skills/cloud/manage-project/scripts/manage-project.py reset-credentials \
  --type elasticsearch \
  --id <project-id>
新密码会自动保存到
.elastic-credentials
中。告知用户打开该文件——不要在聊天中显示其内容。

Workflow: Delete a project

工作流:删除项目

Always confirm with the user before deleting.
bash
python3 skills/cloud/manage-project/scripts/manage-project.py delete \
  --type elasticsearch \
  --id <project-id>
删除前务必征得用户确认。
bash
python3 skills/cloud/manage-project/scripts/manage-project.py delete \
  --type elasticsearch \
  --id <project-id>

Workflow: Resume a suspended project

工作流:恢复暂停的项目

Projects can be automatically suspended after their trial period expires. Resume with:
bash
python3 skills/cloud/manage-project/scripts/manage-project.py resume \
  --type elasticsearch \
  --id <project-id>
After resuming, poll the project status until the phase changes from 
initializing
to 
initialized
.
项目在试用期满后可能会自动暂停。使用以下命令恢复:
bash
python3 skills/cloud/manage-project/scripts/manage-project.py resume \
  --type elasticsearch \
  --id <project-id>
恢复后,请轮询项目状态,直到阶段从
initializing
变为
initialized

Examples

示例

List all security projects

列出所有安全项目

bash
python3 skills/cloud/manage-project/scripts/manage-project.py list --type security
bash
python3 skills/cloud/manage-project/scripts/manage-project.py list --type security

Update search power on an Elasticsearch project

更新Elasticsearch项目的搜索性能

bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id abc123def456abc123def456abc12345 \
  --search-power 500
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id abc123def456abc123def456abc12345 \
  --search-power 500

Set data retention on a security project

设置安全项目的数据保留周期

bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type security \
  --id abc123def456abc123def456abc12345 \
  --max-retention-days 396 \
  --default-retention-days 396
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type security \
  --id abc123def456abc123def456abc12345 \
  --max-retention-days 396 \
  --default-retention-days 396

Change project alias

更改项目别名

bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id abc123def456abc123def456abc12345 \
  --alias "prod-search"
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id abc123def456abc123def456abc12345 \
  --alias "prod-search"

Tag a project for cost tracking

为项目添加成本跟踪标签

bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type observability \
  --id abc123def456abc123def456abc12345 \
  --tag env:prod \
  --tag team:platform
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type observability \
  --id abc123def456abc123def456abc12345 \
  --tag env:prod \
  --tag team:platform

Rename an observability project

重命名可观测性项目

bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type observability \
  --id abc123def456abc123def456abc12345 \
  --name "production-logs"
bash
python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type observability \
  --id abc123def456abc123def456abc12345 \
  --name "production-logs"

Connect to an existing project (credentials on file)

连接现有项目(凭证已保存)

text
User: I want to run a query against my search project "prod-search"
Agent: Let me find that project.
       [runs: list --type elasticsearch]
       I found "prod-search" (ID: abc123...). Loading saved credentials...
       [runs: eval $(load-credentials --name prod-search)]
       Credentials loaded. Verifying...
       [runs: curl -H "Authorization: ApiKey ..." "${ELASTICSEARCH_URL}/_security/_authenticate"]
       Verified — authenticated as user "my-service" via API key. You're all set.
text
用户:我想对我的搜索项目"prod-search"运行查询
Agent:让我查找该项目。
       [运行:list --type elasticsearch]
       我找到了"prod-search"(ID:abc123...)。正在加载已保存的凭证...
       [运行:eval $(load-credentials --name prod-search)]
       凭证已加载。正在验证...
       [运行:curl -H "Authorization: ApiKey ..." "${ELASTICSEARCH_URL}/_security/_authenticate"]
       验证通过——已通过API密钥以用户"my-service"身份验证。一切准备就绪。

Connect to a project (no saved credentials)

连接项目(无保存的凭证)

text
User: let's ingest some logs into my o11y project "siem-prod"
Agent: Let me find that project.
       [runs: list --type observability]
       Found "siem-prod" (ID: def456...). No saved credentials found for this project.
       [runs: get --type observability --id def456...]
       Endpoints set. Since there are no Elasticsearch credentials on file, I can reset the
       admin bootstrap password to get initial access. Shall I proceed?
User: yes
Agent: [runs: reset-credentials --type observability --id def456...]
       Credentials saved to .elastic-credentials — open that file to retrieve the password.
       [runs: eval $(load-credentials --name siem-prod --include-admin)]
       Admin credentials loaded for API key creation. Creating a scoped Elasticsearch API key
       now — what access does it need?
User: read-only on logs-*
Agent: [creates scoped API key via elasticsearch-authn using admin credentials]
       [appends API key to .elastic-credentials with project header]
       [runs: eval $(load-credentials --name siem-prod)]
       [verifies against ELASTICSEARCH_URL]
       API key created and verified. Admin credentials removed from environment.
text
用户:让我把一些日志摄入到我的可观测性项目"siem-prod"中
Agent:让我查找该项目。
       [运行:list --type observability]
       找到了"siem-prod"(ID:def456...)。未找到该项目的已保存凭证。
       [运行:get --type observability --id def456...]
       端点已设置。由于没有已保存的Elasticsearch凭证,我可以重置管理员引导密码以获取初始访问权限。是否继续?
用户:是
Agent:[运行:reset-credentials --type observability --id def456...]
       凭证已保存到.elastic-credentials中——请打开该文件获取密码。
       [运行:eval $(load-credentials --name siem-prod --include-admin)]
       已加载管理员凭证用于创建API密钥。现在将创建范围限定的Elasticsearch API密钥——它需要哪些权限?
用户:对logs-*的只读权限
Agent:[使用管理员凭证通过elasticsearch-authn创建范围限定的API密钥]
       [将API密钥添加到.elastic-credentials中,带有项目头部]
       [运行:eval $(load-credentials --name siem-prod)]
       [针对ELASTICSEARCH_URL进行验证]
       API密钥已创建并验证。管理员凭证已从环境中移除。

Delete a project after confirmation

确认后删除项目

text
User: delete my elasticsearch project abc123...
Agent: Are you sure you want to delete project abc123...? This cannot be undone.
User: yes
bash
python3 skills/cloud/manage-project/scripts/manage-project.py delete \
  --type elasticsearch \
  --id abc123def456abc123def456abc12345
text
用户:删除我的elasticsearch项目abc123...
Agent:您确定要删除项目abc123...吗?此操作无法撤销。
用户:是
bash
python3 skills/cloud/manage-project/scripts/manage-project.py delete \
  --type elasticsearch \
  --id abc123def456abc123def456abc12345

Guidelines

指南

  • Run the 
    cloud-setup
    skill first if 
    EC_API_KEY
    is not set.
  • Use the 
    cloud-create-project
    skill to create new projects — this skill handles existing projects only.
  • When the user refers to a project the agent did not create, follow the "Connect to an existing project" workflow.
  • Deletion is permanent. Always confirm with the user before proceeding.
  • After resetting credentials, remind the user to update any stored passwords or environment variables.
  • Warn about cost implications before increasing 
    search_power
    . Confirm the new value with the user first.
  • Warn about data loss before reducing 
    max-retention-days
    . Data older than the new maximum is permanently deleted.
  • Warn users that changing a project alias changes all endpoint URLs, which breaks existing clients.
  • Setting tags replaces all existing tags. Retrieve current tags with 
    get
    first and include any the user wants to keep.
  • 如果未设置
    EC_API_KEY
    ,请先运行
    cloud-setup
    技能。
  • 使用
    cloud-create-project
    技能创建新项目——本技能仅处理现有项目。
  • 当用户提及Agent未创建的项目时,请遵循"连接现有项目"工作流。
  • 删除操作是永久性的。在继续前务必征得用户确认。
  • 重置凭证后,请提醒用户更新所有已保存的密码或环境变量。
  • 在提高
    search_power
    前,提醒用户注意成本影响。请先与用户确认新值。
  • 在降低
    max-retention-days
    前,提醒用户注意数据丢失风险。超过新最大值的旧数据会被永久删除。
  • 提醒用户更改项目别名会更改所有端点URL,这会导致现有客户端无法正常工作。
  • 设置标签会替换所有现有标签。请先使用
    get
    命令获取当前标签,并包含用户希望保留的标签。

Script reference

脚本参考

CommandDescription
list
List projects by type
get
Get project details by ID
update
Update project name, alias, tags, or search_lake settings
reset-credentials
Reset project credentials (new password)
delete
Delete a project
resume
Resume a suspended project
load-credentials
Load a project's saved credentials from 
.elastic-credentials
FlagCommandsDescription
--type
list, get, update, reset-credentials, delete, resumeProject type: 
elasticsearch
, 
observability
, 
security
--id
get, update, reset-credentials, delete, resume, load-credentialsProject ID
--name
update, load-credentialsProject name (update: new name; load-credentials: lookup)
--alias
updateNew project alias
--tag
updateTag as KEY:VALUE (repeatable, replaces all tags)
--search-power
updateSearch power 28–3000 (elasticsearch only)
--boost-window
updateBoost window 1–180 days (elasticsearch only)
--max-retention-days
updateMax data retention in days (security only)
--default-retention-days
updateDefault data retention in days (security only)
--include-admin
load-credentialsInclude admin username/password (API key bootstrapping only)
--wait-seconds
reset-credentialsSeconds to wait for credential propagation (0 to skip)
命令说明
list
按类型列出项目
get
通过ID获取项目详情
update
更新项目名称、别名、标签或search_lake设置
reset-credentials
重置项目凭证(生成新密码)
delete
删除项目
resume
恢复暂停的项目
load-credentials
.elastic-credentials
加载项目的已保存凭证
标志适用命令说明
--type
list, get, update, reset-credentials, delete, resume项目类型:
elasticsearch
observability
security
--id
get, update, reset-credentials, delete, resume, load-credentials项目ID
--name
update, load-credentials项目名称(update:新名称;load-credentials:用于查找)
--alias
update新项目别名
--tag
update标签,格式为KEY:VALUE(可重复,会替换所有现有标签)
--search-power
update搜索性能,范围28–3000(仅适用于elasticsearch项目)
--boost-window
update增强窗口,范围1–180天(仅适用于elasticsearch项目)
--max-retention-days
update最大数据保留天数(仅适用于security项目)
--default-retention-days
update默认数据保留天数(仅适用于security项目)
--include-admin
load-credentials包含管理员用户名/密码(仅用于引导创建API密钥)
--wait-seconds
reset-credentials等待凭证传播的秒数(0表示跳过)

Environment variables

环境变量

VariableRequiredDescription
EC_API_KEY
YesElastic Cloud API key (project management operations)
EC_BASE_URL
NoCloud API base URL (default: 
https://api.elastic-cloud.com
)
ELASTICSEARCH_URL
OutputElasticsearch URL (set after resolving a project for downstream skills)
KIBANA_URL
OutputKibana URL (set after resolving a project for downstream skills)
APM_URL
OutputAPM endpoint (observability projects only)
INGEST_URL
OutputOTLP ingest endpoint (observability and security projects)
ELASTICSEARCH_API_KEY
OutputElasticsearch API key (for stack-level operations)
变量名称是否必填说明
EC_API_KEY
Elastic Cloud API密钥(用于项目管理操作)
EC_BASE_URL
Cloud API基础URL(默认值:
https://api.elastic-cloud.com
ELASTICSEARCH_URL
输出项Elasticsearch URL(解析项目后设置,供下游技能使用)
KIBANA_URL
输出项Kibana URL(解析项目后设置,供下游技能使用)
APM_URL
输出项APM端点(仅适用于observability项目)
INGEST_URL
输出项OTLP摄入端点(适用于observability和security项目)
ELASTICSEARCH_API_KEY
输出项Elasticsearch API密钥(用于栈级操作)

Additional resources

额外资源

  • For full API details, request/response schemas, and project-type options, see the Serverless Projects API
  • For official documentation on Search AI Lake settings, data retention, and project features, see Project settings
  • 有关完整的API详情、请求/响应架构和项目类型选项,请参阅Serverless Projects API
  • 有关Search AI Lake设置、数据保留和项目功能的官方文档,请参阅Project settings