accessing personal API keys with python

MRvLuijpen
MRvLuijpen Partner, L2 Admin, L2 Designer, Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron 2020, Neuron, Dataiku DSS Adv Designer, Registered, Dataiku DSS Developer, Neuron 2021, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Frontrunner 2022 Participant, Neuron 2023 Posts: 107 Neuron
in Setup & Configuration

Hi community,

I was wondering if it is possible for the administrator to periodically remove all personal API keys.

In the documentation, I did find that it's possible to create personal API keys, but no function to reference or delete them.

https://doc.dataiku.com/dss/latest/python-api/client.html?highlight=personal%20key#dataikuapi.DSSClient.create_personal_api_key

· Share on FacebookShare on Twitter

Answers

  • Liev
    Liev Dataiker Alumni Posts: 176 ✭✭✭✭✭✭✭✭

    Hi @MRvLuijpen

    It would be good to understand a little the requirements behind this since these are user credentials and users can either regenerate such keys at any time.

    This would help us in understanding the need for such functionality and highlight to the product team.

    · Share on FacebookShare on Twitter
  • MRvLuijpen
    MRvLuijpen Partner, L2 Admin, L2 Designer, Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron 2020, Neuron, Dataiku DSS Adv Designer, Registered, Dataiku DSS Developer, Neuron 2021, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Frontrunner 2022 Participant, Neuron 2023 Posts: 107 Neuron

    My collegue @antonstam
    also asked this question yesterday. (https://community.dataiku.com/t5/Setup-Configuration/API-key-lifespan/m-p/7147).

    Because of security reasons we don't want users to generate personal API keys which last forever. We would like to limit the existence of these kinds of keys for just a few days.

    · Share on FacebookShare on Twitter
  • ATsao
    ATsao Dataiker Alumni, Registered Posts: 139 ✭✭✭✭✭✭✭✭

    Hi MRvLuijpen,

    Unfortunately, as you have pointed out, it's not possible to delete personal API keys programmatically right now via the python API (as only the "create_personal_api_key" method exists currently). If you wish to do this using python code, our recommendation remains the same from the other thread. You would need to write your own custom code or script to modify the config/personal-apikeys.json file directly.

    As an aside, the ability to add expiration to personal API keys is an existing enhancement request that's already been captured and undergoing review in our backlog.

    Best,

    Andrew

    · Share on FacebookShare on Twitter
  • pvannies
    pvannies Partner, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron, Dataiku DSS Adv Designer, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Frontrunner 2022 Participant, Neuron 2023 Posts: 16 Neuron

    Hi @ATsao
    @Liev
    , just interested in an update:
    is the ability to add expiration to personal API keys or to delete them via the Python API as an administrator still on the backlog? Will it be available in one of the upcoming releases?

    · Share on FacebookShare on Twitter
  • Liev
    Liev Dataiker Alumni Posts: 176 ✭✭✭✭✭✭✭✭

    Hi Pauline,


    I'm afraid this is not active in public API yet. I've reiterated to the product backlog again.

    Thank you!

    · Share on FacebookShare on Twitter
Bookmark this topic

Categories

Setup Info
    Tags
      Help me…