Skip to main content

User access keys

Reading time: 0 minute(s) (0 words)

User access keys in Nobl9 are used to authenticate programmatic requests, such as those made with sloctl or the Nobl9 API.

Path Deprecation Notice

We are phasing out the old term Access keys in favor of User access keys for better clarity. As part of this, we are replacing the /settings/keys path with /settings/user-access-keys.

The old path will redirect to the new one and is planned to be phased out in March 2026.

Managing user access keys​

You can manage all your keys from the Settings > User access keys tab in the Nobl9 web application. Each user can have a maximum of two access keys at a time, including any disabled (inactive) keys.

To create a key:

  1. Go to Settings > User access keys and click Create user access key.

  2. (Optional) Add a Description to help you identify the key later.

  3. Securely store the Client ID and Client Secret.

    Client secret one-time display

    The Client Secret is only displayed once. Ensure you save it or configure sloctl before closing the window.

  4. Click OK. Your key is now created and active.

You can temporarily disable a key to suspend requests made with it or delete it completely. For this:

  1. Go to Settings > User access keys.
  2. Locate the key you want to manage.
  3. Select the required optionβ€”Disable or Delete.

Key points:

  • A disabled key is inactive but still counts toward your two-key limit.
  • Deleting a key is permanent and cannot be undone.
  • Any applications of scripts using a disabled or deleted key will fail.
  • You can enable a disabled key at any time to resume authenticating with it.

Key expiration​

By default, user access keys in Nobl9 do not expire. However, you can request to have an automatic expiration policy enabled for your organization to enforce key rotation.

  • This setting applies to all newly created keys within your organization.
  • It does not affect keys that already exist. To enforce the policy on all keys, you must manually delete and recreate any keys that were generated before the policy was enabled.

When a key expires, any requests signed with it will fail. Ensure you rotate your keys before they expire to maintain a seamless operation.

Check out these related guides and references:
sloctl user guideSLOs as codeNobl9 APIsAPI reference
Last updated on
On this page