Overview
Vault offers a self-service feature that allows Admin users to generate API keys. API Keys authenticate HTTP API requests, enabling programmatic access to your Vault account and collections. This article outlines how to manage your API keys and provides instructions on generating new ones.
For more detailed information on the various functionalities of our API Library, please refer to the Vault API User Guide. For detailed technical information, refer to our Vault API documentation.
In this article:
Managing your API Keys
On the Vault Administration Page is an API Keys tab, where you will find everything you need as an account Admin to create and manage your API authentication keys.
As with other administration functionality in Vault, API key creation and management are for Admin-level users only (see Managing Your Users). On the API Keys tab, you will see a detailed table listing each API key associated with your account, including the creation date, the key owner, and the account permissions (or role) associated with that key. You can sort the table by clicking on any table column headings.
The API Keys tab on the Administration page in Vault.
The API key has the same permission level as its owner. ReadOnly users are not eligible to generate or use API keys. Please refer to Managing Your Users for more information on account role permissions.
API Key Security
Users should maintain best practices when using and storing their API keys. Please treat your keys as sensitive information and use appropriate precautions when storing, handling, and managing them.
- Avoid hard-coding your key into a script.
- Treat keys as highly sensitive credentials, and safeguard them like a password.
- Never share API keys with unauthorized users.
- Store your key in a password manager or purpose-built encrypted secret storage system.
- Delete unused keys. Periodically audit your keys and remove any that are no longer needed.
Creating an API Key
When logged into Vault, Admin role users may create API keys for their account users following these steps:
- Click the “+ Create API Key” button on the API Keys tab.
- Note: This feature is only available for users assigned the Admin role. If you need Admin access, please contact your account administrator or submit a help request.
- Add a descriptive name for your API key and select the owner from the drop-down menu.
- Reminder: The permission level of the owner’s role determines the permission level of the key you generate.
- Click the Generate Key button.
- A window with your secret API key will appear. Be sure to copy and securely store this key, as you cannot view it again after closing the window.
Deleting an API Key
Admin users may delete keys that are no longer needed by following these steps:
- From the API Keys tab, select the table rows corresponding to keys you wish to delete (use Command + click for multiple selections).
- Click the Remove button.
Comments
Please sign in to leave a comment.