Skip to main content
API keys enable programmatic access to the Kubiya platform. Use them for:
  • SDK authentication
  • CLI authentication
  • CI/CD integrations
  • Custom automation

Access

Navigate to Settings > API Keys or directly to /settings#apiKeys.

Managing API Keys

Creating a Key

  1. Click + Generate New Key
  2. Enter a descriptive name (e.g., “CI/CD Pipeline”, “Local Development”)
  3. Set an optional expiration date
  4. Click Generate
  5. Copy the key immediately - it won’t be shown again
API keys are shown only once upon creation. Store them securely in a password manager or secrets vault. If lost, you must revoke and create a new key.

Key Details

Each key displays:

Revoking a Key

  1. Find the key in the list
  2. Click the Revoke button
  3. Confirm revocation
Revoked keys stop working immediately. Any applications using them will receive authentication errors.

Using API Keys

SDK Authentication

CLI Authentication

Or pass directly:

HTTP Headers

For direct API calls:

Best Practices

Key Naming

Use descriptive names that identify:
  • Purpose: “CI/CD Pipeline”, “Monitoring Integration”
  • Environment: “Production Terraform”, “Development CLI”
  • Owner: “DevOps Team Key”, “John’s Local Dev”

Key Rotation

Rotate keys periodically:
  1. Create a new key with a similar name
  2. Update applications to use the new key
  3. Verify the new key works
  4. Revoke the old key

Scope and Permissions

API keys inherit the permissions of the user who created them. For limited-scope access:
  • Create keys from service accounts with restricted permissions
  • Use separate keys for different integration needs

Security

  • Never commit API keys to version control
  • Use environment variables or secrets managers
  • Set expiration dates for temporary access
  • Revoke keys when no longer needed
For CI/CD systems, use environment variables or secrets management:

Troubleshooting

”Invalid API Key” Error

  • Verify the key is copied correctly (no extra spaces)
  • Check if the key has been revoked
  • Confirm the key hasn’t expired
  • Ensure the key belongs to the correct control plane

”Unauthorized” Error

  • The key may lack permissions for the requested action
  • Check if your user account has the required permissions
  • Contact your administrator for permission changes