API key lifespan

antonstam
antonstam Partner, Registered Posts: 25 Partner

We are looking to impose restrictions on the lifespan of personal API keys for the Dataiku API. Is it possible to limit the lifespan of API keys somewhere in the settings? Alternatively, is it possible to globally delete all API keys through a Python script?

Best Answer

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker
    Answer ✓

    Hi,

    It is not possible to limit the lifespan of personal API keys.

    There are currently no official APIs for manipulating personal API keys. However, you can modify the "config/personal-apikeys.json" file in order to delete API keys, using Python code.

    Do not delete this file, only use Python code to modify the "keys" array inside it.

Answers

  • antonstam
    antonstam Partner, Registered Posts: 25 Partner

    As a follow up question, is it possible at all to disable the project-level API keys? Our audits require all access to go via personal accounts and the project API keys appear to circumvent that principle.

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker

    Hi,

    It is not possible to disable project-level keys. However, you can have a simple script that periodically scans config/projects/XXX/apikeys.json files and removes them.

    Please note that this would prevent the "client-side access to datasets" from working in webapps, since these rely on automatically-generated project API keys. You would need to use server-side dataset access for everything.

Setup Info
    Tags
      Help me…