We are looking to impose restrictions on the lifespan of personal API keys for the Dataiku API. Is it possible to limit the lifespan of API keys somewhere in the settings? Alternatively, is it possible to globally delete all API keys through a Python script?
It is not possible to limit the lifespan of personal API keys.
There are currently no official APIs for manipulating personal API keys. However, you can modify the "config/personal-apikeys.json" file in order to delete API keys, using Python code.
Do not delete this file; only use Python code to modify the "keys" array inside it.
As a follow-up question, is it possible at all to disable the project-level API keys? Our audits require all access to go via personal accounts and the project API keys appear to circumvent that principle.
It is not possible to disable project-level keys. However, you can have a simple script that periodically scans config/projects/XXX/apikeys.json files and removes them.
Please note that this would prevent the "client-side access to datasets" from working in webapps, since these rely on automatically-generated project API keys. You would need to use server-side dataset access for everything.
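The two clean-ups described in the answers above (emptying the "keys" array in config/personal-apikeys.json while keeping the file, and removing config/projects/XXX/apikeys.json files), as an added example that is not part of the original thread and is not Dataiku's own code. It assumes only the file layout named in the answers; the function names and the data-directory argument are hypothetical.

```python
import json
import os
import sys
import tempfile
from pathlib import Path


def clear_personal_keys(data_dir):
    """Empty the "keys" array in config/personal-apikeys.json, keeping the file.

    Returns the number of keys removed; every other field is preserved.
    """
    path = Path(data_dir) / "config" / "personal-apikeys.json"
    if not path.is_file():
        return 0
    doc = json.loads(path.read_text(encoding="utf-8"))
    removed = len(doc.get("keys", []))
    doc["keys"] = []
    # Write a sibling temp file and rename it over the original, so an
    # interrupted run never leaves a truncated or missing file behind.
    fd, tmp = tempfile.mkstemp(dir=path.parent, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(doc, fh, indent=2)
        os.chmod(tmp, path.stat().st_mode & 0o777)  # keep original permissions
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return removed


def remove_project_key_files(data_dir):
    """Delete each config/projects/<PROJECT>/apikeys.json; return the paths removed."""
    removed = []
    projects = Path(data_dir) / "config" / "projects"
    for path in sorted(projects.glob("*/apikeys.json")):
        if path.is_file() and not path.is_symlink():
            path.unlink()
            removed.append(str(path))
    return removed


if __name__ == "__main__":
    data_dir = sys.argv[1]  # data directory passed explicitly (assumption)
    print("personal keys removed:", clear_personal_keys(data_dir))
    for deleted in remove_project_key_files(data_dir):
        print("deleted", deleted)
```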