DiscordSign up
SKILLS.SH

cloud-create-project

>

INSTALLATION
npx skills add https://github.com/elastic/agent-skills --skill cloud-create-project
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

$27

Variable

Required

Description

EC_API_KEY

Yes

Elastic Cloud API key used for project creation operations.

EC_BASE_URL

No

Cloud API base URL (default: https://api.elastic-cloud.com).

Note: If EC_API_KEY is missing, or the user does not have a Cloud API key yet, first check whether the user has

an Elastic Cloud account. If not, propose starting a free trial at

Elastic Cloud free trial — 14 days of full access with no credit card

required. Once registered, direct the user to generate a key at

Elastic Cloud API keys, then configure it locally using the steps below.

Preferred method (agent-friendly): create a .env file in the project root:

EC_API_KEY=your-api-key

EC_BASE_URL=https://api.elastic-cloud.com

All cloud/* scripts auto-load .env from the working directory.

Alternative: export directly in the terminal:

export EC_API_KEY="<your-cloud-api-key>"

export EC_BASE_URL="https://api.elastic-cloud.com"

Terminal exports may not be visible to sandboxed agents running in separate shell sessions, so prefer .env when using

an agent.

Critical principles

  • Never display secrets in chat. Do not echo, log, or repeat API keys, passwords, or credentials in conversation

messages or agent thinking. Direct the user to the .elastic-credentials file instead. The admin password must

never appear in chat history, thinking traces, or agent output.

  • Confirm before creating. Always present the project configuration to the user and ask for confirmation before

running the creation script.

  • Admin credentials are for API key creation only. The script saves the admin password to .elastic-credentials

for bootstrapping a scoped API key. The admin user has full privileges and cannot be modified in serverless. Never

use admin credentials for direct Elasticsearch operations (querying, indexing, etc.) — always create a scoped API key

first (see Step 8). The load-credentials command excludes admin credentials by default — use --include-admin

only during Step 7/8, then reload without it once the API key is created. Never read or display the contents of

.elastic-credentials in chat.

  • Recover lost credentials. If the script fails to write .elastic-credentials (disk full, permissions, etc.), the

save may be incomplete. Check .elastic-credentials for the password first. If missing, use the

cloud-manage-project skill's reset-credentials command to generate a new password.

  • Region is permanent. A project's region cannot be changed after creation.
  • Prefer automatic readiness checks. Pass --wait to the creation script so it polls until the phase changes from

initializing to initialized. Only fall back to manually polling the status endpoint if --wait is unavailable.

Project types

Type

Description

Key endpoints

elasticsearch

Search, analytics, and vector workloads

Elasticsearch, Kibana

observability

Logs, metrics, traces, and APM

Elasticsearch, Kibana, APM, OTLP

security

SIEM, endpoint protection, cloud security

Elasticsearch, Kibana, OTLP

Project type inference

Map the user's request to the correct --type value:

User says

--type

"search project", "elasticsearch project", vector search

elasticsearch

"observability project", "o11y", logs, metrics, traces, APM

observability

"security project", "SIEM", detections, endpoint protection

security

Do not silently default to any type. If the user does not specify a type, infer it from the conversation context

(for example, discussing log ingestion suggests observability, discussing detections or SIEM suggests security,

discussing search or vector workloads suggests elasticsearch). Always present the inferred type to the user and ask

for confirmation before proceeding. If context is insufficient to infer a type, ask the user to choose.

Product tiers

Observability and security projects support a --product-tier flag. Default to complete unless the user explicitly

requests a different tier.

Project type

Tier

Description

observability

complete

Full observability suite (logs, metrics, traces, APM)

observability

logs_essentials

Log management only

security

complete

Full security suite (SIEM, cloud, endpoint)

security

essentials

Core SIEM only

Elasticsearch projects do not have a product tier — use --optimized-for instead.

Sensible defaults

Present these defaults to the user before creation. Ask if they want to use or change them:

Setting

Default

Region

gcp-us-central1

Project type must be confirmed with the user — do not assume a default. See "Project type inference" above.

Always use --optimized-for general_purpose unless the user explicitly requests vector. Do not proactively offer the

vector option.

If the user does not specify a name, ask for one — it is required.

Workflow: Create a project

Project Creation:

- [ ] Step 1: Verify API key is set

- [ ] Step 2: Present defaults and confirm with user

- [ ] Step 3: List available regions (optional)

- [ ] Step 4: Create the project

- [ ] Step 5: Save credentials and endpoints

- [ ] Step 6: Wait for project to initialize

- [ ] Step 7: Set environment variables

- [ ] Step 8: Recommend creating a scoped API key

Step 1: Verify API key is set

echo "${EC_API_KEY:?Not set}"

If EC_API_KEY is not set, run the cloud-setup skill first to configure authentication and defaults.

Step 2: Present summary and confirm with user

Before presenting the summary, ensure the project type has been explicitly confirmed by the user. If no type was

specified, infer one from the conversation context and propose it. If the context is ambiguous, ask the user to choose

from elasticsearch, observability, or security.

Always show a confirmation summary before creating. Include different fields depending on project type:

Elasticsearch project:

Project Summary:

  Type:          elasticsearch

  Name:          my-project

  Region:        gcp-us-central1

Observability project:

Project Summary:

  Type:          observability

  Name:          my-project

  Region:        gcp-us-central1

  Product tier:  complete

Security project:

Project Summary:

  Type:          security

  Name:          my-project

  Region:        gcp-us-central1

  Product tier:  complete

Ask the user to confirm or override any values before proceeding.

Step 3: List available regions (optional)

python3 skills/cloud/create-project/scripts/create-project.py list-regions

The output is grouped by cloud provider (AWS, Azure, GCP) and sorted alphabetically. Regions marked with * do not

support project creation.

Step 4: Create the project

python3 skills/cloud/create-project/scripts/create-project.py create \

  --type elasticsearch \

  --name "my-project" \

  --region gcp-us-central1 \

  --optimized-for general_purpose \

  --wait

Always pass --optimized-for general_purpose for Elasticsearch projects. Only use vector if the user explicitly

requests it.

For observability and security projects, pass --product-tier complete unless the user explicitly requests a different

tier.

Always pass --wait so the script automatically polls until the project is ready.

Step 5: Save credentials and endpoints

The script automatically writes credentials to .elastic-credentials in the working directory. The password is redacted

from the JSON output on stdout.

If saving succeeds, tell the user:

Credentials saved to .elastic-credentials — open that file to retrieve your password.

Do not read, cat, or display the contents of .elastic-credentials in chat.

If saving fails, the script prints an error to stderr. Check whether .elastic-credentials exists and contains a

password (a partial write is possible). If the password is missing or the file does not exist, immediately run the

cloud-manage-project skill's reset-credentials command to generate a new password.

The creation response also contains:

  • Project ID — needed for all subsequent operations
  • Cloud ID — for client libraries
  • Elasticsearch and Kibana endpoints — safe to display in chat

The admin credentials are for initial bootstrap only. Recommend creating a scoped API key for ongoing access (Step 8).

Step 6: Wait for project to initialize

When --wait is passed (recommended), the script polls automatically until the project phase becomes initialized. No

manual polling is needed.

If the agent ran without --wait, poll manually:

python3 skills/cloud/create-project/scripts/create-project.py status \

  --type elasticsearch \

  --id <project-id>

Repeat until phase changes from initializing to initialized.

Step 7: Set environment variables

The creation script saves credentials and endpoints to .elastic-credentials with the project name in the header. Load

them into the current shell **with --include-admin** so admin credentials are available for API key creation in Step

8:

eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \

  --name "<project-name>" --include-admin)

This sets ELASTICSEARCH_URL, KIBANA_URL, any project-type specific endpoints (APM_URL, INGEST_URL), and the

admin ELASTICSEARCH_USERNAME/ELASTICSEARCH_PASSWORD needed to bootstrap an API key.

Step 8: Create a scoped API key

The admin user has full privileges and cannot be modified in serverless projects. **Do not proceed with Elasticsearch

operations using admin credentials.** Create a scoped Elasticsearch API key with only the permissions the user needs.

If the elasticsearch-authn skill is available, use it for API key creation — it covers the full lifecycle (create,

grant, invalidate, query) and handles scoping privileges correctly. If the skill is not installed, ask the user to

either install it or create the API key manually through Kibana > Stack Management > API keys. After creation, save

the API key to .elastic-credentials using the project-specific header format (see manage-project skill's "Credential

file format" section), then reload **without --include-admin** to drop admin credentials from the environment:

eval $(python3 skills/cloud/manage-project/scripts/manage-project.py load-credentials \

  --name "<project-name>")

Examples

Create an Elasticsearch project with defaults

python3 skills/cloud/create-project/scripts/create-project.py create \

  --type elasticsearch \

  --name "my-search-project" \

  --region gcp-us-central1 \

  --optimized-for general_purpose \

  --wait

Create an observability project

python3 skills/cloud/create-project/scripts/create-project.py create \

  --type observability \

  --name "prod-o11y" \

  --region aws-eu-west-1 \

  --product-tier complete \

  --wait

Create a security project

python3 skills/cloud/create-project/scripts/create-project.py create \

  --type security \

  --name "siem-prod" \

  --region gcp-us-central1 \

  --product-tier complete \

  --wait

Guidelines

  • Run the cloud-setup skill first if EC_API_KEY is not set.
  • Always confirm the project configuration with the user before creating.
  • Never display passwords or API keys in chat. Direct the user to .elastic-credentials.
  • Never silently default to a project type. Infer from context and confirm with the user.
  • Default to general_purpose optimization. Only use vector if the user explicitly requests it.
  • Default to complete product tier for observability and security projects. Only use logs_essentials or essentials

if the user explicitly requests it.

  • Always pass --wait so the script polls until the project is ready.
  • If credential saving fails, immediately reset credentials using the cloud-manage-project skill.
  • After creation, recommend creating a scoped API key instead of relying on admin credentials.
  • Region cannot be changed after creation — confirm the choice before proceeding.

Script reference

Command

Description

create

Create a new serverless project

status

Get project initialization status

list-regions

List available regions

Flag

Commands

Description

--type

create, status

Project type: elasticsearch, observability, security

--name

create

Project name (required)

--region

create

Region ID (default: gcp-us-central1)

--id

status

Project ID

--optimized-for

create

Elasticsearch subtype: general_purpose or vector

--product-tier

create

Observability/security tier (see "Product tiers" section)

--wait

create

Poll until project is initialized before exiting

Environment variables

Variable

Required

Description

EC_API_KEY

Yes

Elastic Cloud API key

EC_BASE_URL

No

Cloud API base URL (default: https://api.elastic-cloud.com)

ELASTICSEARCH_URL

Output

Elasticsearch URL (loaded via load-credentials after creation)

KIBANA_URL

Output

Kibana URL (loaded via load-credentials after creation)

APM_URL

Output

APM endpoint (observability projects only)

INGEST_URL

Output

OTLP ingest endpoint (observability and security projects)

ELASTICSEARCH_API_KEY

Output

Elasticsearch API key (created in Step 8, loaded via load-credentials)

Additional resources

  • For full API details, request/response schemas, and project-type options, see

references/api-reference.md

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card