Access Keys

Access keys authenticate API requests from CI/CD pipelines, the CLI tool, and external systems. Each key is scoped to your organisation and can be created, rotated, and revoked from the dashboard.

Key management

The access keys page displays every key in your organisation with the information needed to manage its lifecycle:

Key name and description

A human-readable label and purpose for each key, making it easy to identify which pipeline or service uses it.

Status

Whether the key is Active, Expired, or Revoked — with colour-coded badges for quick scanning.

Usage metrics

When the key was last used, helping identify unused.

Expiration and rate limit

When the key expires enforcing both time-bound controls.

Rotation and revocation

Keys can be rotated at any time. Rotation generates a new key value while preserving the key's name, permissions, and configuration — giving you a transition window to update your pipelines without downtime.

Revoking a key immediately invalidates it. Revoked keys remain visible in the dashboard for audit purposes but can no longer authenticate requests. Keys can also be permanently deleted when no longer needed.