accessing personal API keys with python

Options
MRvLuijpen
MRvLuijpen Partner, L2 Admin, L2 Designer, Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron 2020, Neuron, Dataiku DSS Adv Designer, Registered, Dataiku DSS Developer, Neuron 2021, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Frontrunner 2022 Participant, Neuron 2023 Posts: 107 Neuron

Hi community,

I was wondering if it is possible for the administrator to periodically remove all personal API keys.

In the documentation, I did find that it's possible to create personal API keys, but no function to reference or delete them.

https://doc.dataiku.com/dss/latest/python-api/client.html?highlight=personal%20key#dataikuapi.DSSClient.create_personal_api_key

Answers

  • Liev
    Liev Dataiker Alumni Posts: 176 ✭✭✭✭✭✭✭✭
    Options

    Hi @MRvLuijpen

    It would be good to understand a little the requirements behind this since these are user credentials and users can either regenerate such keys at any time.

    This would help us in understanding the need for such functionality and highlight to the product team.

  • MRvLuijpen
    MRvLuijpen Partner, L2 Admin, L2 Designer, Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron 2020, Neuron, Dataiku DSS Adv Designer, Registered, Dataiku DSS Developer, Neuron 2021, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Frontrunner 2022 Participant, Neuron 2023 Posts: 107 Neuron
    Options

    My collegue @antonstam
    also asked this question yesterday. (https://community.dataiku.com/t5/Setup-Configuration/API-key-lifespan/m-p/7147).

    Because of security reasons we don't want users to generate personal API keys which last forever. We would like to limit the existence of these kinds of keys for just a few days.

  • ATsao
    ATsao Dataiker Alumni, Registered Posts: 139 ✭✭✭✭✭✭✭✭
    Options

    Hi MRvLuijpen,

    Unfortunately, as you have pointed out, it's not possible to delete personal API keys programmatically right now via the python API (as only the "create_personal_api_key" method exists currently). If you wish to do this using python code, our recommendation remains the same from the other thread. You would need to write your own custom code or script to modify the config/personal-apikeys.json file directly.

    As an aside, the ability to add expiration to personal API keys is an existing enhancement request that's already been captured and undergoing review in our backlog.

    Best,

    Andrew

  • pvannies
    pvannies Partner, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron, Dataiku DSS Adv Designer, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Frontrunner 2022 Participant, Neuron 2023 Posts: 16 Neuron
    Options

    Hi @ATsao
    @Liev
    , just interested in an update:
    is the ability to add expiration to personal API keys or to delete them via the Python API as an administrator still on the backlog? Will it be available in one of the upcoming releases?

  • Liev
    Liev Dataiker Alumni Posts: 176 ✭✭✭✭✭✭✭✭
    Options

    Hi Pauline,


    I'm afraid this is not active in public API yet. I've reiterated to the product backlog again.

    Thank you!

Setup Info
    Tags
      Help me…