The Signals indices, as well as the Search Guard security index, may contain sensitive data, which is why they are protected. The easiest way to use the ES snapshot API and to back up and restore protected indices is to use the TLS admin certificate that you would also use for sgadmin, for example. If your Elasticsearch API call contains the admin cert, you have basically full access to your cluster. Think of the admin cert as a root user.
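The approach described above, as an added example that is not part of the original text or Search Guard's own tooling: a shell wrapper that sends snapshot and restore requests with the admin certificate and refuses to run if the key file is readable by anyone but its owner. The cluster URL, repository name, certificate file names and the index names `searchguard` and `.signals_*` are assumptions; adjust them to your installation.

```shell
#!/bin/sh
# Added example: snapshot/restore protected indices with the TLS admin certificate.
# All values below are assumptions, not taken from the page.
ES_URL="${ES_URL:-https://localhost:9200}"
REPO="${REPO:-my_backup_repo}"                # hypothetical; must already be registered
ADMIN_CERT="${ADMIN_CERT:-admin.pem}"
ADMIN_KEY="${ADMIN_KEY:-admin-key.pem}"
ROOT_CA="${ROOT_CA:-root-ca.pem}"
INDICES="${INDICES:-searchguard,.signals_*}"  # assumed index names; adjust as needed

# The admin key is equivalent to root on the cluster: succeed only if
# group and others have no permission bits on the key file.
key_is_private() {
  [ -f "$1" ] || return 1
  mode=$(ls -ld "$1" | cut -c5-10)
  [ "$mode" = "------" ]
}

# JSON body shared by the snapshot and restore requests.
snapshot_body() {
  printf '{"indices":"%s","include_global_state":false}' "$1"
}

# es_admin METHOD PATH BODY: the client certificate is what grants access.
es_admin() {
  key_is_private "$ADMIN_KEY" || {
    echo "refusing: $ADMIN_KEY is missing or not private (chmod 600)" >&2
    return 1
  }
  curl --silent --show-error --fail \
       --cacert "$ROOT_CA" --cert "$ADMIN_CERT" --key "$ADMIN_KEY" \
       -X "$1" -H 'Content-Type: application/json' -d "$3" "$ES_URL$2"
}

take_snapshot() {      # take_snapshot SNAPSHOT_NAME
  es_admin PUT "/_snapshot/$REPO/$1?wait_for_completion=true" \
           "$(snapshot_body "$INDICES")"
}

restore_snapshot() {   # restore_snapshot SNAPSHOT_NAME
  es_admin POST "/_snapshot/$REPO/$1/_restore" "$(snapshot_body "$INDICES")"
}
```

Source the file and call `take_snapshot <name>` or `restore_snapshot <name>`; both stop before contacting the cluster if the key file permissions are too open.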