When Elasticsearch security breaks, you need a triage workflow, not guesswork. This skill walks you through authentication failures (401s), authorization errors (403s), TLS handshake problems, expired API keys, role mapping mismatches, and Kibana login issues with a structured gather-diagnose-resolve approach. It's built by Elastic and uses the actual diagnostic APIs like `_security/_authenticate` and `_has_privileges` to pinpoint what's wrong. The deployment compatibility notes are helpful since self-managed, Elastic Cloud Hosted (ECH), and serverless clusters expose different APIs. If you've ever stared at a vague "security_exception" wondering whether it's credentials, roles, or certificate trust, this gives you a methodical way to figure it out instead of trying random fixes.

```
npx skills add https://github.com/elastic/agent-skills --skill elasticsearch-security-troubleshooting
```