Creating Access Keys

The Access Key is a token that you must configure Sysdig agents to successfully forward data from your monitored environment to the Sysdig Monitor instance. If the access key is compromised or you have the policy to renew it, you can generate a new access key and disable the old one. This topic helps you to do so.

Creating an Access Key

To create an access key:

  1. Retrieve the Sysdig API token from the Sysdig Monitor UI.

    For more information, see Retrieve the Sysdig API Token.

  2. Issue a curl POST request against the Sysdig endpoint to generate a new access key:

    $ curl -XGET -H 'Authorization: Bearer API_TOKEN' https://<region>.app.sysdig.com/api/customers/accessKeys

    Replace the following:

    • API_TOKEN with the token you retrieved in step 1.

    • <region> with your Sysdig endpoint associated with your region.

    The output will provide the newly generated access key in the response.

    {
      "customerAccessKey": {
          "enabled": true,
          "accessKey": "87654321-1234-1234-1234-123456789012",
          "dateCreated": 2263852422114,
          "dateDisabled": null
      }
    }
    

    The access key can now be used in the Sysdig agent configuration files.

Viewing the Available Access Keys

To view all of the access keys for your Sysdig Monitor instance, do the following:

  1. Retrieve the API token from the Sysdig Monitor UI.

    For more information, see Retrieve the Sysdig API Token.

  2. Issue a curl GET request against the Sysdig Monitor endpoint to enable the given access key:

    $ curl -XGET -H 'Authorization: Bearer API_TOKEN' https://<region>.app.sysdig.com/api/customer/accessKeys

    Replace the following:

    • API_TOKEN with the token you retrieved in step 1.

    • <region> with your Sysdig endpoint associated with your region.

    The output will provide a list of the access keys in the response and indicates whether they are enabled.

    {
      "customerAccessKeys": [
          {
              "enabled": true,
              "accessKey": "12345678-1234-4321-1234-123456789000",
              "dateCreated": 5242096409000,
              "dateDisabled": null
          },
          {
              "enabled": false,
              "accessKey": "87654321-1234-1234-1234-123456789012",
              "dateCreated": 2553849361000,
              "dateDisabled": 2553849367000
          }
      ]
    }
    

Disabling an Access Key

To disable an existing access key for your Sysdig Monitor instance, do the following:

  1. Retrieve the API token from the Sysdig Monitor UI.

    For more information, see Retrieve the Sysdig API Token.

  2. Issue a curl POST request against the Sysdig Monitor endpoint to disable the given access key.

    $ curl -XPOST -H 'Authorization: Bearer API_TOKEN' https://<region>.app.sysdig.com/api/customer/accessKeys/ACCESS_KEY/disable

    Replace the following:

    • API_TOKEN with the token you retrieved in step 1.

    • <region > with your Sysdig endpoint associated with your region.

    • ACCESS_KEY with the access key that you wish to disable.

    Once you disable the Sysdig access key, the agents connected with the access key will be immediately blocked from sending metrics to your Sysdig Monitoring instance.

    Deleting access keys is not supported at this time.

Enabling an Access Key

To enable an existing access key for a Sysdig Monitor instance, do the following:

  1. Retrieve the API token from the Sysdig Monitor UI.

    For more information, see Retrieve the Sysdig API Token.

  2. Issue a curl POST request against the Sysdig Monitor endpoint to enable the given access key.

    $ curl -XPOST -H 'Authorization: Bearer API_TOKEN' https://<region>.app.sysdig.com/api/customer/accessKeys/ACCESS_KEY/enable

    Replace the following:

    • API_TOKEN with the token you retrieved in step 1.

    • <region > with your Sysdig endpoint associated with your region.

    • ACCESS_KEY with the access key that you wish to disable.

  3. Restart the agents for the new connection to work as expected.

    The agent that connects with a disabled access key will be terminated.



Last modified July 17, 2021: Aliases to old site urls (#98) (917a9be2)