API Keys
API keys allow programmatic access to Rotadeck without using a user account. Each key is assigned one or more roles that determine what it can do.
Creating an API Key
1. Navigate to API Keys from the sidebar
2. Click Add API Key
3. Select one or more roles to assign to the key
4. Click Create
The secret is displayed once immediately after creation. Copy and store it securely — it cannot be retrieved again. If you lose it, delete the key and create a new one.
Assigning Roles
API keys use the same role system as users. Assign only the roles the key needs:
- Reader — read-only access across all resources
- Editor — create and update access (no deletes)
- Admin — full access
You can also assign custom roles. See Users for role details.
Listing API Keys
Navigate to API Keys from the sidebar to see all keys for your account. The list shows each key's ID, assigned roles, and creation date. Secrets are never shown after creation.
Updating a Key's Roles
1. Navigate to API Keys from the sidebar
2. Click on the key
3. Update the assigned roles
4. Click Save
Revoking an API Key
1. Navigate to API Keys from the sidebar
2. Select the key
3. Click Delete
4. Confirm deletion
Revoked keys are immediately invalid.
Limitations
API keys cannot be used to manage other API keys. Creating, updating, or revoking an API key requires authentication as a user account.
Security Best Practices
- Store secrets in environment variables or a secrets manager, never in source code
- Use the minimum roles necessary for each key's purpose
- Rotate keys periodically
- Revoke keys immediately when no longer needed or if compromised
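
The role and rotation practices above can be checked against a record of your keys. The following is an added example, not Rotadeck code: it assumes an inventory kept by hand from the key list (ID, roles, creation date) with an extra `needs` field you maintain yourself, and the 90-day threshold, field names, key IDs and custom role name are all assumptions.

```python
from datetime import date

# Built-in roles named on this page, ordered by privilege.
ROLE_RANK = {"Reader": 0, "Editor": 1, "Admin": 2}


def audit_keys(inventory, today, max_age_days=90):
    """Return (key_id, finding) pairs for keys that need attention.

    Each inventory entry carries what the key list shows (id, roles, created)
    plus 'needs', a hand-maintained note of the highest built-in role the
    key's consumer requires. Field names and the 90-day default are assumptions.
    """
    findings = []
    for key in inventory:
        age = (today - date.fromisoformat(key["created"])).days
        if age > max_age_days:
            findings.append((key["id"], f"rotate: {age} days old"))

        builtin = [r for r in key["roles"] if r in ROLE_RANK]
        if builtin:
            highest = max(builtin, key=ROLE_RANK.get)
            if ROLE_RANK[highest] > ROLE_RANK[key["needs"]]:
                findings.append(
                    (key["id"], f"over-privileged: has {highest}, needs {key['needs']}")
                )

        # Custom roles cannot be ranked automatically; surface them for review.
        for role in key["roles"]:
            if role not in ROLE_RANK:
                findings.append((key["id"], f"review custom role: {role}"))
    return findings


# Constructed sample inventory (IDs, dates and the custom role are made up).
SAMPLE = [
    {"id": "key-ci", "roles": ["Admin"], "created": "2024-01-10", "needs": "Editor"},
    {"id": "key-dash", "roles": ["Reader"], "created": "2024-05-20", "needs": "Reader"},
    {"id": "key-sync", "roles": ["Editor", "oncall-sync"], "created": "2024-03-01", "needs": "Editor"},
]

if __name__ == "__main__":
    for key_id, finding in audit_keys(SAMPLE, today=date(2024, 6, 1)):
        print(f"{key_id}: {finding}")
```

The inventory holds key IDs and roles only, never secrets, so it can live in version control next to the services that use the keys.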