Access Keys Management
The Access Keys Management page allows workspace administrators to manage API keys and access credentials for workspace integrations and external services.
Overview
Access Access Keys Management by opening your project settings and selecting "Access Keys" from the Workspace section.
Admin Only: This feature is only available to users with administrator or owner privileges. Non-admin users will see an "Access Denied" message when attempting to access this section.
What Are Access Keys?
Access keys are workspace-level API credentials used to authenticate and authorize your workspace's integrations with external services and platforms. Unlike project-level secrets, access keys:
Apply at the workspace level, not individual projects
Are managed by workspace administrators
Are used for platform-wide integrations (e.g. invoking public API's of the Stage5 platform)
Authenticate API requests to your workspace
Key Differences: Access Keys vs. Secrets
Scope
Workspace-wide
Project-specific
Access
Admins and owners only
Project members
Purpose
Integrating with the Stage5 platform
Application configuration
Location
Workspace settings
Project settings
Accessing Access Keys Management
You can access this feature if you have administrator or owner permissions.
If You Don't Have Access
Non-admin users will see:
To gain access, contact your workspace administrator or owner.
Managing Access Keys
The exact features available in the Access Keys widget depend on your workspace configuration and subscription plan. Common features include:
Creating Access Keys
Generate new API keys for workspace integrations
Set expiration dates for enhanced security
Add descriptions to identify key purposes
Configure permissions and scopes
Viewing Access Keys
List all active access keys
View key metadata (creation date, last used, etc.)
Monitor key usage statistics
Check key status and expiration
Rotating Access Keys
Generate replacement keys
Implement zero-downtime key rotation
Track rotation history
Set up automatic rotation schedules
Revoking Access Keys
Immediately invalidate compromised keys
Remove unused or expired keys
Audit key revocation history
Security Best Practices
Principle of Least Privilege: Create keys with only the permissions needed for their specific purpose
Regular Rotation: Rotate access keys periodically (e.g., every 90 days)
Immediate Revocation: Revoke keys immediately if compromised or no longer needed
Secure Storage: Never commit access keys to version control or share them in unsecured channels
Set Expiration: Always set expiration dates for access keys
Document Purpose: Clearly document what each key is used for
Limit Admin Access: Only grant admin privileges to users who truly need to manage access keys
Troubleshooting
"Access Denied" Error
You need administrator or owner privileges. Contact your workspace admin to request access.
Access Key Not Working
Verify the key hasn't expired
Check that the key has the correct permissions/scopes
Ensure the key hasn't been revoked
Confirm you're using the correct authentication format
Check for typos in the key value
Verify that the key is not cut
If quoted, verify that it is quoted from both sides.
Widget Not Loading
Check your internet connection
Ensure you're using a supported browser
Disable browser extensions that might block the widget
Clear your browser cache and refresh
Contact support if the issue persists
Key Rotation Issues
Ensure both old and new keys are active during transition
Update all services to use the new key before revoking the old one
Test the new key thoroughly before full deployment
Keep the old key active for a grace period (e.g., 24-48 hours)
Related Documentation
Last updated