
API keys


API keys in Nobl9 are system, organization-wide access keys for accessing Nobl9 resources and functionality without involving a user identity. Use them to authenticate programmatic requests made with:

Managing API keys

API keys are accessible to users with the Organization Admin role.

To access the API keys list in the Nobl9 Web application, go to the Settings > API keys tab.

To create a key:

  1. Click Create API key.

  2. Enter the display name for the new key.
    Maximum length is 253 characters

  3. (Optional) Add a Description to help you identify the key later.

  4. Click Create.
    Your key is now created and active

  5. Copy the Client secret or download the configuration TOML.

    Client secret one-time display

    The Client Secret is only displayed once. Ensure you save it or the configuration TOML before closing the window. Store these credentials or the configuration TOML securely.

A newly created API key is already active and has no role and no access to any resource.

You can view and manage API keys (edit their display name and description, delete, or deactivate) right from the list of API keys and under the key details.

To define the scope for the API key, first assign it an organization role. For this, do the following:

  1. Go to the API key details > the Organization roles tab.
  2. Select the required role in the organization role menu.

Under the Projects & roles tab, you can assign project roles to the API key. Project roles can also be assigned on a project details page, under the API keys tab.

Any logged actions performed by API keys, like creating resources, generating annotations, or triggering Replay, feature the API key suffix and show the key's display name for actor identification purposes.

To restrict an API key activity, you can deactivate or delete it. Both options are available in the API keys list and the details page of every key.

Consider the following:

  • A deactivated key is inactive but still counts toward the organization API keys limit
    You can activate such a key at any time to resume its scope access
  • Deleting a key is permanent and cannot be undone
    Any applications or scripts using a disabled or deleted key will fail

API key defaults

  • The limit per organization is 100 API keys, including any inactive keys
  • There's no default validity period for API keys; by default, API keys never expire

However, you can request to change these defaults. For this, contact Nobl9 Support.

If you request an automatic expiration policy to enforce key rotation, consider the following:

  • This setting applies to all newly created keys
  • It does not affect keys that already exist. To enforce the policy on all keys, manually delete and recreate any keys that were generated before the policy was enabled.

When a key expires, any requests signed with it will fail. Ensure you rotate your keys before they expire to maintain seamless operation.
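The following is an added example, not Nobl9 code: a small audit that applies the rules above to a key inventory, flagging keys that predate the expiration policy, keys close to expiry, and inactive keys that still count toward the limit. The inventory fields (`name`, `created_at`, `active`), the 90-day validity, the 14-day warning window, and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

ORG_KEY_LIMIT = 100  # default per-organization limit; inactive keys count too


def audit_api_keys(keys, policy_enabled_at, validity, now, warn=timedelta(days=14)):
    """Sort an API key inventory into the actions an expiration policy requires.

    keys: dicts with the hypothetical fields "name", "created_at", "active".
    validity: key lifetime under the policy (assumed value).
    """
    report = {"recreate": [], "rotate_soon": [], "expired": [], "inactive": []}
    for key in keys:
        if not key["active"]:
            # Deactivated keys can be reactivated and still use up the limit.
            report["inactive"].append(key["name"])
        if key["created_at"] < policy_enabled_at:
            # The policy covers only newly created keys: this one never
            # expires until it is manually deleted and recreated.
            report["recreate"].append(key["name"])
            continue
        expires_at = key["created_at"] + validity
        if expires_at <= now:
            report["expired"].append(key["name"])
        elif expires_at - now <= warn:
            report["rotate_soon"].append(key["name"])
    report["slots_left"] = ORG_KEY_LIMIT - len(keys)
    return report


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed inventory for illustration; these are not real keys.
SAMPLE_KEYS = [
    {"name": "ci-pipeline", "created_at": utc(2023, 5, 1), "active": True},
    {"name": "legacy-export", "created_at": utc(2023, 9, 12), "active": False},
    {"name": "terraform", "created_at": utc(2024, 2, 1), "active": True},
    {"name": "replay-bot", "created_at": utc(2024, 3, 20), "active": True},
    {"name": "old-annotator", "created_at": utc(2024, 1, 5), "active": True},
]


def sample_report():
    """Audit the sample: policy on since 2024-01-01, checked on 2024-04-25."""
    return audit_api_keys(SAMPLE_KEYS, utc(2024, 1, 1), timedelta(days=90), utc(2024, 4, 25))


if __name__ == "__main__":
    print(sample_report())
```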

Check out these related guides and references: