Manage Serverless Project

Perform day-2 operations on Elastic Cloud Serverless projects using the Serverless REST API.

Prerequisites and permissions

• Ensure EC_API_KEY is configured. If not, run cloud-setup skill first.
• Updating project settings requires Admin or Editor role on the target project.
• This skill does not perform a separate role pre-check. Attempt the requested operation and let the API enforce authorization. If the API returns an authorization error (for example, 403 Forbidden), stop and ask the user to verify the provided API key permissions.

Manual setup fallback (when cloud-setup is unavailable)

If this skill is installed standalone and cloud-setup is not available, instruct the user to configure Cloud environment variables manually before running commands. Never ask the user to paste API keys in chat.

Variable	Required	Description
EC_API_KEY	Yes	Elastic Cloud API key used for project management operations.
EC_BASE_URL	No	Cloud API base URL (default: https://api.elastic-cloud.com).

Note: If EC_API_KEY is missing, or the user does not have a Cloud API key yet, direct the user to generate one at Elastic Cloud API keys, then configure it locally using the steps below.

Preferred method (agent-friendly): create a .env file in the project root:

EC_API_KEY=your-api-key
EC_BASE_URL=https://api.elastic-cloud.com

All cloud/* scripts auto-load .env from the working directory.

Alternative: export directly in the terminal:

export EC_API_KEY="<your-cloud-api-key>"
export EC_BASE_URL="https://api.elastic-cloud.com"

Terminal exports may not be visible to sandboxed agents running in separate shell sessions, so prefer .env when using an agent.

Critical principles

• Never display secrets in chat. Do not echo, log, or repeat API keys, passwords, or credentials in conversation messages or agent thinking. Direct the user to the .elastic-credentials file instead. The admin password must never appear in chat history, thinking traces, or agent output — even when using it to create an API key, pass it directly via shell variable substitution without echoing.
• Confirm before destructive actions. Always ask the user to confirm before deleting a project or resetting credentials.
• Credentials are saved to file. After a credential reset, the script writes the new password to .elastic-credentials automatically. The password is redacted from stdout. Never read or display the contents of .elastic-credentials in chat.
• Admin credentials are for API key creation only. The admin password saved by create-project and reset-credentials exists solely to bootstrap a scoped API key — never use it for direct Elasticsearch operations. load-credentials excludes admin credentials by default; pass --include-admin only for key creation.
• Always prefer API keys. Do not proceed with Elasticsearch operations until an ELASTICSEARCH_API_KEY is set. If only admin credentials are available, create a scoped API key via elasticsearch-authn. If that skill is not installed, ask the user to install it or create the key manually in Kibana > Stack Management > API keys.
• Identify projects by type and ID. Every command requires both --type and --id (except list, which only needs --type).
• Two kinds of API keys. This skill uses the Cloud API key (EC_API_KEY) for project management operations (list, get, update, delete). Elasticsearch operations require a separate Elasticsearch API key (ELASTICSEARCH_API_KEY) that authenticates against the project's Elasticsearch endpoint. Do not confuse the two.

Workflow: Connect to an existing project

Use this workflow when the user asks to query or manage a project the agent did not create in the current session. It resolves the project, saves its endpoints, and ensures working Elasticsearch credentials before proceeding.

This workflow only applies to Elastic Cloud Serverless projects. If the user's Elasticsearch instance is self-managed or Elastic Cloud Hosted, this skill does not apply — skip it and proceed with the relevant skill directly. If unsure, ask the user: "Is your Elasticsearch instance an Elastic Cloud Serverless project?"

Connect to Existing Project:
- [ ] Step 1: Resolve the project
- [ ] Step 2: Get project details and load credentials
- [ ] Step 3: Acquire Elasticsearch credentials

Step 1: Resolve the project

Ask the user for the project name if not already provided. Infer the project type from the user's request:

User says	--type
"search project", "elasticsearch project", vector search	elasticsearch
"observability project", "o11y", logs, metrics, traces, APM	observability
"security project", "SIEM", detections, endpoint protection	security

If the type is ambiguous, list all three types to find the project.

python3 skills/cloud/manage-project/scripts/manage-project.py list \
  --type elasticsearch

Match the user's reference (name, partial name, or alias) against the list results. If multiple projects match or none match, present the candidates and ask the user to pick.

Step 2: Get project details and load credentials

Once a single project is identified, check whether .elastic-credentials already has entries for this project (from a previous session). If so, load them with load-credentials:

eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")

This sets all saved environment variables for the project — endpoints and any previously created Elasticsearch API keys — in a single command. Admin credentials (ELASTICSEARCH_USERNAME/ELASTICSEARCH_PASSWORD) are intentionally excluded. Later sections for the same project automatically overwrite earlier values, so the most recent credentials always win.

If load-credentials reports no matching entries, fetch the project details from the API and export endpoints manually:

python3 skills/cloud/manage-project/scripts/manage-project.py get \
  --type elasticsearch \
  --id <project-id>

Then export the endpoint URLs from the response. The available endpoints depend on the project type.

All project types:

export ELASTICSEARCH_URL="<elasticsearch_endpoint>"
export KIBANA_URL="<kibana_endpoint>"

Observability projects (additional):

export APM_URL="<apm_endpoint>"
export INGEST_URL="<ingest_endpoint>"

Security projects (additional):

export INGEST_URL="<ingest_endpoint>"

Step 3: Acquire Elasticsearch credentials

If load-credentials set ELASTICSEARCH_API_KEY, verify the credentials work:

curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
  "${ELASTICSEARCH_URL}/_security/_authenticate"

Confirm the response contains a valid username and "authentication_type": "api_key" before proceeding. If verification succeeds, skip the rest of this step.

If no credentials were loaded, or verification fails, ask the user: "Do you have an existing Elasticsearch API key for this project?"

If yes — have the user add it to .elastic-credentials (see "Credential file format"). Do not accept keys in chat. Reload and verify:

eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")
curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
  "${ELASTICSEARCH_URL}/_security/_authenticate"

If no — follow this recovery path:

1. Confirm with the user, then reset the admin bootstrap credentials:

   python3 skills/cloud/manage-project/scripts/manage-project.py reset-credentials \
     --type elasticsearch \
     --id <project-id>
   

   The new password is saved to .elastic-credentials with the project name in the header. Direct the user to that file — do not display its contents.

2. Load credentials with --include-admin so the admin password is available for API key creation:

   eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
     --name "<project-name>" --include-admin)
   

   Use the admin credentials to create a scoped Elasticsearch API key via elasticsearch-authn if available. If that skill is not installed, ask the user to install it or create the key manually in Kibana > Stack Management > API keys. Scope the key to only the privileges the user needs.

3. After creating the API key, save it to .elastic-credentials using the project-specific header format (see "Credential file format" below). Then reload without --include-admin to drop admin credentials from the environment and verify:

   eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
     --name "<project-name>")
   curl -H "Authorization: ApiKey ${ELASTICSEARCH_API_KEY}" \
     "${ELASTICSEARCH_URL}/_security/_authenticate"
   

   Confirm the response shows a valid username and "authentication_type": "api_key" before proceeding.

Credential file format

See references/credential-file-format.md for the full format specification.

Workflow: Load project credentials

eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --name "<project-name>")

Or by project ID:

eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \
  --id <project-id>)

Parses .elastic-credentials, merges all sections for the matching project, and prints export statements. Admin credentials (ELASTICSEARCH_USERNAME/ELASTICSEARCH_PASSWORD) are excluded by default — only endpoints and API keys are exported. Add --include-admin when you need admin credentials to create an API key.

Workflow: List projects

python3 skills/cloud/manage-project/scripts/manage-project.py list \
  --type elasticsearch

Use --type observability or --type security to list other project types.

Workflow: Get project details

python3 skills/cloud/manage-project/scripts/manage-project.py get \
  --type elasticsearch \
  --id <project-id>

Workflow: Update a project

python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --name "new-project-name"

Only the fields provided are updated (PATCH semantics). Supported fields: --name, --alias, --tag, --search-power, --boost-window, --max-retention-days, --default-retention-days.

Alias

The alias is an RFC-1035 domain label (lowercase alphanumeric and hyphens, max 50 chars) that becomes part of the project's endpoint URLs. Changing the alias changes all endpoint URLs, which breaks existing clients pointing to the old URLs. Warn the user about this before applying.

python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --alias "prod-search"

Tags

Tags are key-value metadata pairs for team tracking, cost attribution, and organization. Pass --tag KEY:VALUE for each tag. Multiple tags can be set in a single update.

python3 skills/cloud/manage-project/scripts/manage-project.py update \
  --type elasticsearch \
  --id <project-id> \
  --tag env:prod \
  --tag team:search

Tags are sent as metadata.tags in the API request. Setting tags replaces all existing tags on the project — include any existing tags the user wants to keep.

Elasticsearch search_lake settings

For Elasticsearch projects, two fields control query performance and data caching in the Search AI Lake. Ingested data is stored in cost-efficient general storage. A cache layer on top provides faster search speed for recent and frequently queried data — this cached data is considered search-ready.

Flag	Range	Description
--search-power	28–3000	Query performance level. Higher values improve performance but increase cost
--boost-window	1–180	Days of data eligible for boosted caching (default: 7)

Search Power

Search Power controls the speed of searches by provisioning more or fewer query resources. Common presets (matching the Cloud UI):

Value	Preset	B how to use cloud-manage-project CursorClaude CodeClineCodexWindsurfGooseGitHub CopilotVS CodeGemini CLIKiloOpencodeKimi CLIRoo ClineAiderContinueZedBolt.newLovablev0Replit AgentSweepSmol DeveloperDevinCavemanAmpAntigravity How to use cloud-manage-project on Cursor AI-first code editor with Composer 1 Prerequisites Before installing skills in Cursor, ensure your development environment meets these requirements: ›Cursor installed and configured on your development machine ›Node.js version 16.0+ with npm package manager (verify with node --version) ›Active project directory or workspace where you want to add cloud-manage-project 2 Execute installation command Execute the skills CLI command in your project's root directory to begin installation: $npx skills add https://github.com/elastic/agent-skills --skill cloud-manage-projectcopy The skills CLI fetches cloud-manage-project from GitHub repository elastic/agent-skills and configures it for Cursor. 3 Select Cursor when prompted The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor: ◆ Which agents do you want to install to? │ │ ── Universal (.agents/skills) ── always included ──── │ • Amp │ • Antigravity │ • Cline │ • Codex │ ●Cursor(selected) │ • Cursor │ • Windsurf 4 Verify installation Confirm successful installation by checking the skill directory location: .cursor/skills/cloud-manage-project Reload or restart Cursor to activate cloud-manage-project. Access the skill through slash commands (e.g., /cloud-manage-project) or your agent's skill management interface. ⚠ Security & Verification Notice We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use. Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment. Additional Resources ›View source code on GitHub›Skills CLI documentation›Learn more about Cursor›What are agent skills? List & Monetize Your Skill Submit your Claude Code skill and start earning GET_STARTED → Use Cases▌ Task Automation & Efficiency Automate repetitive workflows and reduce manual effort Example Generate reports, summarize documents, draft communications ✓ Save 3-5 hours per week on routine tasks Knowledge Enhancement Learn new skills, understand complex topics, get expert guidance Example Explain concepts, provide examples, suggest learning resources ✓ Accelerate learning and skill development by 2x Quality Improvement Enhance output quality through reviews, suggestions, and refinements Example Review drafts, suggest improvements, catch errors ✓ Improve work quality by 30-40% with less effort Implementation Guide▌ Prerequisites ›Claude Desktop or compatible AI client with skill support ›Clear understanding of task or problem to solve ›Willingness to iterate and refine outputs Time Estimate 15-45 minutes depending on use case complexity Installation Steps 1.Install skill using provided installation command 2.Test with simple use case relevant to your work 3.Evaluate output quality and relevance 4.Iterate on prompts to improve results 5.Integrate into regular workflow if valuable Common Pitfalls ⚠Expecting perfect results without iteration ⚠Not providing enough context in prompts ⚠Using skill for tasks outside its intended scope ⚠Accepting outputs without review and validation Best Practices▌ ✓ Do +Start with clear, specific prompts +Provide relevant context and constraints +Review and refine all outputs before using +Iterate to improve output quality +Document successful prompt patterns ✗ Don't −Don't use without understanding skill limitations −Don't skip validation of outputs −Don't share sensitive information in prompts −Don't expect skill to replace human judgment 💡 Pro Tips ★Be specific about desired format and style ★Ask for multiple options to choose from ★Request explanations to understand reasoning ★Combine AI efficiency with human expertise When to Use This▌ ✓ Use When Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement. ✗ Avoid When Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion. Learning Path▌ 1Familiarize yourself with skill capabilities and limitations 2Start with low-risk, non-critical tasks 3Progress to more complex and valuable use cases 4Build expertise through regular use and experimentation Discussion Product Hunt–style comments (not star reviews) post comment No comments yet — start the thread. general reviews Ratings 4.6★★★★★65 reviews ★★★★★Sophia Iyer· Dec 28, 2024 Solid pick for teams standardizing on skills: cloud-manage-project is focused, and the summary matches what you get after install. ★★★★★Benjamin Garcia· Dec 28, 2024 Registry listing for cloud-manage-project matched our evaluation — installs cleanly and behaves as described in the markdown. ★★★★★Dhruvi Jain· Dec 24, 2024 We added cloud-manage-project from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront. ★★★★★Mia Perez· Dec 24, 2024 cloud-manage-project has been reliable in day-to-day use. Documentation quality is above average for community skills. ★★★★★Mia Brown· Dec 20, 2024 I recommend cloud-manage-project for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area. ★★★★★Henry Bansal· Dec 4, 2024 cloud-manage-project is among the better-maintained entries we tried; worth keeping pinned for repeat workflows. ★★★★★Mia Abebe· Nov 23, 2024 Keeps context tight: cloud-manage-project is the kind of skill you can hand to a new teammate without a long onboarding doc. ★★★★★Ira Iyer· Nov 19, 2024 I recommend cloud-manage-project for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area. ★★★★★William Bhatia· Nov 19, 2024 cloud-manage-project reduced setup friction for our internal harness; good balance of opinion and flexibility. ★★★★★Oshnikdeep· Nov 15, 2024 Useful defaults in cloud-manage-project — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows. showing 1-10 of 65 prev1 / 7next bookmarkshare