Secret Keys
Organization-scoped API keys for programmatic access to the Sazabi API.
Secret keys provide full API access to Sazabi. They are organization-scoped and must be kept confidential.
Overview
Secret keys provide full API access and should be protected:
- Organization-scoped: They have access to all projects in the organization.
- Full access: They can read data, manage configuration, and perform administrative actions.
- Confidential: Never commit secret keys to version control or expose them in client-side code.
Secret keys have the prefix sazabi_secret_ followed by a unique identifier.
Creating secret keys
Go to API Keys settings
Navigate to Settings in the left sidebar, then click API Keys.
Select Secret Keys
Click the Secret Keys tab.
Create key
Click Create key.
Name the key
Enter a descriptive name for the key (e.g., "ci-cd-access", "terraform-automation").
Copy the key
Copy the key immediately. It is only shown once and cannot be retrieved later.
Copy your key immediately after creation. For security reasons, the full key is only displayed once. If you lose it, you must create a new key.
Using secret keys
Secret keys are used for programmatic API access and CLI authentication.
CLI authentication
Configure the Sazabi CLI with your secret key:
sazabi auth login --key sazabi_secret_abc123def456
Or set the environment variable:
export SAZABI_SECRET_KEY=sazabi_secret_abc123def456
sazabi logs query "level:error"
API requests
Pass the secret key in the Authorization header:
curl -X GET https://api.sazabi.com/v1/projects \
  -H "Authorization: Bearer sazabi_secret_abc123def456"
SDK configuration
import { SazabiAdmin } from "@sazabi/sdk";
// Read the key from the server-side environment instead of hardcoding it
const admin = new SazabiAdmin({
  secretKey: process.env.SAZABI_SECRET_KEY,
});
Revoking secret keys
To revoke a secret key:
Go to API Keys settings
Navigate to Settings in the left sidebar, then click API Keys.
Find the key
Locate the key you want to revoke in the Secret Keys tab.
Revoke
Click the menu icon (...) next to the key and select Revoke.
Confirm
Confirm the revocation. This action takes effect immediately and cannot be undone.
Revocation is immediate. Any applications or CI/CD pipelines using the revoked key will stop working instantly. Make sure you have updated all systems before revoking a key.
Security best practices
Secret keys require extra care because they provide full access to your organization:
- Never commit to version control: Use environment variables or secret management tools (AWS Secrets Manager, HashiCorp Vault, etc.).
- Never expose in client-side code: Secret keys should only be used in server-side code and CI/CD pipelines.
- Use separate keys for different purposes: Create dedicated keys for CI/CD, automation scripts, and local development.
- Rotate immediately if compromised: If you suspect a key has been exposed, rotate it immediately.
- Audit key usage: Review which keys are being used and revoke any that are no longer needed.
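# Store in environment, never in code
export SAZABI_SECRET_KEY=sazabi_secret_abc123def456
# Use a secret manager in production (assumes the secret is stored as a plain string)
export SAZABI_SECRET_KEY="$(aws secretsmanager get-secret-value --secret-id sazabi/secret-key --query SecretString --output text)"
Common use cases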
| Use case | Recommendation |
|---|---|
| CI/CD pipelines | Create a dedicated key named after the pipeline |
| Terraform/IaC | Use a separate key for infrastructure automation |
| Local development | Use a personal key that can be easily revoked |
| Server applications | Use environment variables, never hardcode |
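Because every secret key starts with sazabi_secret_, the "never commit to version control" practice above can be enforced mechanically. The script below is an added example, not part of the Sazabi CLI or documentation; the function name, the --staged flag and the character set assumed for the identifier after the prefix are all assumptions.

```shell
#!/bin/sh
# Added example: pre-commit check for Sazabi secret keys.
# Assumption: the identifier after the prefix uses letters, digits, "_" and "-".
KEY_PATTERN='sazabi_secret_[A-Za-z0-9_-]+'

# scan_for_sazabi_keys FILE...
# Prints "file:line: <redacted key>" for every match and returns 1 if any
# key was found, 0 otherwise. The body runs in a subshell so its variables
# stay local; "exit" here only sets the function's return status.
scan_for_sazabi_keys() (
  found=0
  for file in "$@"; do
    [ -f "$file" ] || continue
    # -I skips binary files, -n adds line numbers, -o prints only the match
    hits=$(grep -InoE "$KEY_PATTERN" "$file") || continue
    found=1
    while IFS=: read -r lineno key; do
      # Show the prefix plus 4 characters only, so hook output and CI logs
      # never contain a usable key
      printf '%s:%s: %.18s****\n' "$file" "$lineno" "$key"
    done <<EOF
$hits
EOF
  done
  exit "$found"
)

# Hook mode: scan the working-tree copies of files staged for commit
# (added, copied or modified). Paths are split on newlines only.
if [ "${1:-}" = "--staged" ]; then
  IFS='
'
  set -f
  # shellcheck disable=SC2046
  scan_for_sazabi_keys $(git diff --cached --name-only --diff-filter=ACM) || {
    echo "Commit blocked: Sazabi secret key found in staged files." >&2
    exit 1
  }
fi
```

To use it as a hook, call the script with --staged from .git/hooks/pre-commit. A key that has already been flagged in a commit should still be revoked and replaced, since removing it from the file does not remove it from history.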