diff --git a/x-pack/plugins/security/server/routes/api_keys/get.test.ts b/x-pack/plugins/security/server/routes/api_keys/get.test.ts
index 3e5d18312b79b..1571888cf3737 100644
--- a/x-pack/plugins/security/server/routes/api_keys/get.test.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/get.test.ts
@@ -65,8 +65,44 @@ describe('Get API Keys route', () => {
     );
 
     expect(response.status).toBe(200);
-    expect(response.payload.apiKeys).toContainEqual({ id: '123', invalidated: false });
-    expect(response.payload.apiKeys).not.toContainEqual({ id: '456', invalidated: true });
+    expect(response.payload.apiKeys).toContainEqual({ id: '123', name: '', invalidated: false });
+    expect(response.payload.apiKeys).not.toContainEqual({ id: '456', name: '', invalidated: true });
+  });
+
+  it('should substitute an empty string for keys with `null` names', async () => {
+    esClientMock.asCurrentUser.security.getApiKey.mockRestore();
+    esClientMock.asCurrentUser.security.getApiKey.mockResponse({
+      api_keys: [
+        { id: 'with_name', name: 'foo', invalidated: false },
+        { id: 'undefined_name', invalidated: false },
+        { id: 'null_name', name: null, invalidated: false },
+      ],
+    } as any);
+
+    const response = await routeHandler(
+      mockContext,
+      httpServerMock.createKibanaRequest(),
+      kibanaResponseFactory
+    );
+
+    expect(response.status).toBe(200);
+    expect(response.payload.apiKeys).toEqual([
+      {
+        id: 'with_name',
+        name: 'foo',
+        invalidated: false,
+      },
+      {
+        id: 'undefined_name',
+        name: '',
+        invalidated: false,
+      },
+      {
+        id: 'null_name',
+        name: '',
+        invalidated: false,
+      },
+    ]);
   });
 
   it('should return `404` if API keys are disabled', async () => {
diff --git a/x-pack/plugins/security/server/routes/api_keys/get.ts b/x-pack/plugins/security/server/routes/api_keys/get.ts
index 47eb9274ab6b7..26f92e0a911ae 100644
--- a/x-pack/plugins/security/server/routes/api_keys/get.ts
+++ b/x-pack/plugins/security/server/routes/api_keys/get.ts
@@ -66,7 +66,14 @@ export function defineGetApiKeysRoutes({
           owner: !clusterPrivileges.manage_api_key && !clusterPrivileges.read_security,
         });
 
-        const validKeys = apiResponse.api_keys.filter(({ invalidated }) => !invalidated);
+        const validKeys = apiResponse.api_keys
+          .filter(({ invalidated }) => !invalidated)
+          .map((key) => {
+            if (!key.name) {
+              key.name = '';
+            }
+            return key;
+          });
 
         return response.ok<GetAPIKeysResult>({
           body: {