How to move API key to different account

BevOps · November 7, 2018, 11:00pm

Some of my users created API Keys using their own personal accounts instead of the Service accounts. Now that we are locking down permissions, those users lack adequate permissions. Additionally if any of them leave the company and we close their account, things will obviously break.

Is there a way to move an API Key to a different account? This would make things much, much easier on my end. Rather than tracking down all these application settings, I could simply identify which users created their own keys, and then move those api keys to the service account.

Thank you.

Michael_Noonan · November 7, 2018, 11:39pm

Hi,

Thanks for getting in touch! We don’t have first-class support for moving API keys around, only for creating and revoking them. Typically you would follow a process like this:

Create a new API key for the correct Service Account with a helpful purpose
Change you external service to use the new API key
Revoke the old API key

If you really feel moving the API key is your best option, you could do this in the SQL Database directly however this activity will not be audited. You would change the UserId for the appropriate API Key(s) to the Service User account’s Id.

Hope that helps!
Mike

BevOps · November 8, 2018, 2:27pm

Thanks Michael, this was exactly what I was looking for. Very much appreciate you outlining both methods for doing this.

I think my team is leaning towards just creating new key’s due to security/auditing.

Michael_Noonan · November 8, 2018, 11:07pm

Hi! I agree, that will be the best long-term option.

All the best, and hope it goes smoothly!

Mike