Rotate API Key
-
- 13
Rotate API Key
Rotate Vultr user API keys with admin access to maintain security and avoid downtime.
Regularly rotating API keys is a critical security practice that reduces the risk of unauthorized access. A safe rotation process ensures your workloads keep running without downtime while you replace old keys with new ones.
This guide covers managing API Keys for other users. You must have root or administrator account credentials in Vultr to perform these actions.
Follow this guide to rotate a specific user’s API key using the Vultr Customer Portal or the Vultr API.
Vultr Customer Portal
- Navigate to Account and select Users under OTHER.
- Select the user from the list and click the Edit User icon.
- In User Access Tokens section, enter a Name, choose an API key Expiry option, and set the Expiry On date.
- Click Add Key to create the new API key.
- Update your applications, scripts, and automation to use the new API key.
- After you confirm that workloads authenticate with the new key, delete the old key in User Access Tokens section.
Vultr API
- Send a
GETrequest to the Get Users endpoint to list all users.console$ curl "https://api.vultr.com/v2/users" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}"
Note the
idof the user whose API key you want to rotate. - Send a
POSTrequest to the Create User API Key endpoint to generate a new key for that user.console$ curl "https://api.vultr.com/v2/users/{user-id}/apikeys" \ -X POST \ -H "Authorization: Bearer ${VULTR_API_KEY}" \ -H "Content-Type: application/json" \ --data '{ "name": "<api-key-name>", "expire": true, "date_expire": "2030-01-01T00:00:00Z" }'
The response includes the new API key in plain text. Copy and store it securely, as this is the only time you can view it.
- Update your applications, scripts, and automation to use the new API key, then validate that they work correctly.
- Send a
GETrequest to the List User API Keys endpoint to view all keys for the user.console$ curl "https://api.vultr.com/v2/users/{user-id}/apikeys" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}"
Identify the
idof the old API key you want to remove. - Send a
DELETErequest to the Delete User API Key endpoint to delete the old key.console$ curl "https://api.vultr.com/v2/users/{user-id}/apikeys/{apikey-id}" \ -X DELETE \ -H "Authorization: Bearer ${VULTR_API_KEY}"
The response returns
204 No Contentto confirm successful deletion. - Send another
GETrequest to the List User API Keys endpoint to verify that the old key no longer appears in the response.console$ curl "https://api.vultr.com/v2/users/{user-id}/apikeys" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}"
Rotate API Key Rotate Vultr user API keys with admin access to maintain security and avoid downtime. Regularly rotating API keys is a critical security practice that reduces the risk of unauthorized access. A safe rotation process ensures your workloads keep running without downtime while you replace old keys with…
Rotate API Key Rotate Vultr user API keys with admin access to maintain security and avoid downtime. Regularly rotating API keys is a critical security practice that reduces the risk of unauthorized access. A safe rotation process ensures your workloads keep running without downtime while you replace old keys with…