Access Keys

Access keys authenticate API requests from CI/CD pipelines, the CLI tool, and external systems. Each key is scoped to your organization and can be created, rotated, and revoked from the dashboard.

Key management

The access keys page displays every key in your organization with the information needed to manage its lifecycle:

Key name and description

A human-readable label and purpose for each key, making it easy to identify which pipeline or service uses it.

Status

Whether the key is Active, Expired, or Revoked - with color-coded badges for quick scanning.

Usage metrics

When the key was last used, so you can identify keys that are no longer in use.

Expiration and rate limit

The key's expiration date and request rate limit, giving you both time-bound and volume-bound controls.

Rotation and revocation

Keys can be rotated at any time. Rotation generates a new key value while preserving the key's name, permissions, and configuration - giving you a transition window to update your pipelines without downtime.

Revoking a key immediately invalidates it. Revoked keys remain visible in the dashboard for audit purposes but can no longer authenticate requests. Keys can also be permanently deleted when no longer needed.