Confirm successful installation by checking the skill directory location:
.cursor/skills/cloud-manage-project
Restart Cursor to activate cloud-manage-project. Access via /cloud-manage-project in your agent's command palette.
โ
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Perform day-2 operations on Elastic Cloud Serverless projects using the Serverless REST API.
Prerequisites and permissions
Ensure EC_API_KEY is configured. If not, run cloud-setup skill first.
Updating project settings requires Admin or Editor role on the target project.
This skill does not perform a separate role pre-check. Attempt the requested operation and let the API enforce
authorization. If the API returns an authorization error (for example, 403 Forbidden), stop and ask the user to
verify the provided API key permissions.
Manual setup fallback (when cloud-setup is unavailable)
If this skill is installed standalone and cloud-setup is not available, instruct the user to configure Cloud
environment variables manually before running commands. Never ask the user to paste API keys in chat.
Variable
Required
Description
EC_API_KEY
Yes
Elastic Cloud API key used for project management operations.
EC_BASE_URL
No
Cloud API base URL (default: https://api.elastic-cloud.com).
Note: If EC_API_KEY is missing, or the user does not have a Cloud API key yet, direct the user to generate one
at Elastic Cloud API keys, then configure it locally using the steps below.
Preferred method (agent-friendly): create a .env file in the project root:
Terminal exports may not be visible to sandboxed agents running in separate shell sessions, so prefer .env when using
an agent.
Critical principles
Never display secrets in chat. Do not echo, log, or repeat API keys, passwords, or credentials in conversation
messages or agent thinking. Direct the user to the .elastic-credentials file instead. The admin password must
never appear in chat history, thinking traces, or agent output โ even when using it to create an API key, pass it
directly via shell variable substitution without echoing.
Confirm before destructive actions. Always ask the user to confirm before deleting a project or resetting
credentials.
Credentials are saved to file. After a credential reset, the script writes the new password to
.elastic-credentials automatically. The password is redacted from stdout. Never read or display the contents of
.elastic-credentials in chat.
Admin credentials are for API key creation only. The admin password saved by create-project and
reset-credentials exists solely to bootstrap a scoped API key โ never use it for direct Elasticsearch operations.
load-credentials excludes admin credentials by default; pass --include-admin only for key creation.
Always prefer API keys. Do not proceed with Elasticsearch operations until an ELASTICSEARCH_API_KEY is set. If
only admin credentials are available, create a scoped API key via elasticsearch-authn. If that skill is not
installed, ask the user to install it or create the key manually in Kibana > Stack Management > API keys.
Identify projects by type and ID. Every command requires both --type and --id (except list, which only needs
--type).
Two kinds of API keys. This skill uses the Cloud API key (EC_API_KEY) for project management operations
(list, get, update, delete). Elasticsearch operations require a separate Elasticsearch API key
(ELASTICSEARCH_API_KEY) that authenticates against the project's Elasticsearch endpoint. Do not confuse the two.
Workflow: Connect to an existing project
Use this workflow when the user asks to query or manage a project the agent did not create in the current session. It
resolves the project, saves its endpoints, and ensures working Elasticsearch credentials before proceeding.
This workflow only applies to Elastic Cloud Serverless projects. If the user's Elasticsearch instance is
self-managed or Elastic Cloud Hosted, this skill does not apply โ skip it and proceed with the relevant skill directly.
If unsure, ask the user: "Is your Elasticsearch instance an Elastic Cloud Serverless project?"
Connect to Existing Project:
- [ ] Step 1: Resolve the project
- [ ] Step 2: Get project details and load credentials
- [ ] Step 3: Acquire Elasticsearch credentials
Step 1: Resolve the project
Ask the user for the project name if not already provided. Infer the project type from the user's request:
If the type is ambiguous, list all three types to find the project.
python3 skills/cloud/manage-project/scripts/manage-project.py list \--type elasticsearch
Match the user's reference (name, partial name, or alias) against the list results. If multiple projects match or none
match, present the candidates and ask the user to pick.
Step 2: Get project details and load credentials
Once a single project is identified, check whether .elastic-credentials already has entries for this project (from a
previous session). If so, load them with load-credentials:
This sets all saved environment variables for the project โ endpoints and any previously created Elasticsearch API keys
โ in a single command. Admin credentials (ELASTICSEARCH_USERNAME/ELASTICSEARCH_PASSWORD) are intentionally excluded.
Later sections for the same project automatically overwrite earlier values, so the most recent credentials always win.
If load-credentials reports no matching entries, fetch the project details from the API and export endpoints manually:
python3 skills/cloud/manage-project/scripts/manage-project.py get \--type elasticsearch \--id<project-id>
Then export the endpoint URLs from the response. The available endpoints depend on the project type.
Confirm the response contains a valid username and "authentication_type": "api_key" before proceeding. If
verification succeeds, skip the rest of this step.
If no credentials were loaded, or verification fails, ask the user: "Do you have an existing Elasticsearch API key for
this project?"
If yes โ have the user add it to .elastic-credentials (see "Credential file format"). Do not accept keys in chat.
Reload and verify:
Use the admin credentials to create a scoped Elasticsearch API key via elasticsearch-authn if available. If that
skill is not installed, ask the user to install it or create the key manually in Kibana > Stack Management > API
keys. Scope the key to only the privileges the user needs.
After creating the API key, save it to .elastic-credentials using the project-specific header format (see
"Credential file format" below). Then reload without --include-admin to drop admin credentials from the
environment and verify:
Parses .elastic-credentials, merges all sections for the matching project, and prints export statements. Admin
credentials (ELASTICSEARCH_USERNAME/ELASTICSEARCH_PASSWORD) are excluded by default โ only endpoints and API keys
are exported. Add --include-admin when you need admin credentials to create an API key.
Workflow: List projects
python3 skills/cloud/manage-project/scripts/manage-project.py list \--type elasticsearch
Use --type observability or --type security to list other project types.
Workflow: Get project details
python3 skills/cloud/manage-project/scripts/manage-project.py get \--type elasticsearch \--id<project-id>
Only the fields provided are updated (PATCH semantics). Supported fields: --name, --alias, --tag,
--search-power, --boost-window, --max-retention-days, --default-retention-days.
Alias
The alias is an RFC-1035 domain label (lowercase alphanumeric and hyphens, max 50 chars) that becomes part of the
project's endpoint URLs. Changing the alias changes all endpoint URLs, which breaks existing clients pointing to the
old URLs. Warn the user about this before applying.
Tags are key-value metadata pairs for team tracking, cost attribution, and organization. Pass --tag KEY:VALUE for each
tag. Multiple tags can be set in a single update.
Tags are sent as metadata.tags in the API request. Setting tags replaces all existing tags on the project โ include
any existing tags the user wants to keep.
Elasticsearch search_lake settings
For Elasticsearch projects, two fields control query performance and data caching in the Search AI Lake. Ingested data
is stored in cost-efficient general storage. A cache layer on top provides faster search speed for recent and frequently
queried data โ this cached data is considered search-ready.
Flag
Range
Description
--search-power
28โ3000
Query performance level. Higher values improve performance but increase cost
--boost-window
1โ180
Days of data eligible for boosted caching (default: 7)
Search Power
Search Power controls the speed of searches by provisioning more or fewer query resources. Common presets (matching the
Cloud UI):
Value
Preset
B
Implementation Guide
Prerequisites
โบClaude Desktop or compatible AI client with skill support
โบClear understanding of task or problem to solve
โบWillingness to iterate and refine outputs
Time Estimate
15-45 minutes depending on use case complexity
Steps
1Install skill using provided installation command
2Test with simple use case relevant to your work
3Evaluate output quality and relevance
4Iterate on prompts to improve results
5Integrate into regular workflow if valuable
Common Pitfalls
โ Expecting perfect results without iteration
โ Not providing enough context in prompts
โ Using skill for tasks outside its intended scope
โ Accepting outputs without review and validation
Best Practices
โ Do
+Start with clear, specific prompts
+Provide relevant context and constraints
+Review and refine all outputs before using
+Iterate to improve output quality
+Document successful prompt patterns
โ Don't
โDon't use without understanding skill limitations
โDon't skip validation of outputs
โDon't share sensitive information in prompts
โDon't expect skill to replace human judgment
๐ก Pro Tips
โ Be specific about desired format and style
โ Ask for multiple options to choose from
โ Request explanations to understand reasoning
โ Combine AI efficiency with human expertise
When to Use This
โ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
โ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
Learning Path
1Familiarize yourself with skill capabilities and limitations
2Start with low-risk, non-critical tasks
3Progress to more complex and valuable use cases
4Build expertise through regular use and experimentation
