This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

    Creating Access Keys

    The Access Key is a token that you must configure Sysdig agents to successfully forward data from your monitored environment to the Sysdig Monitor instance. If the access key is compromised or you have the policy to renew it, you can generate a new access key and disable the old one. This topic helps you to do so.

    Creating an Access Key

    To create an access key:

    1. Retrieve the Sysdig API token from the Sysdig Monitor UI.

      For more information, see Retrieve the Sysdig API Token.

    2. Issue a curl POST request against the Sysdig endpoint to generate a new access key:

      $ curl -XGET -H 'Authorization: Bearer API_TOKEN' https://<region>.app.sysdig.com/api/customers/accessKeys

      Replace the following:

      • API_TOKEN with the token you retrieved in step 1.

      • <region> with your Sysdig endpoint associated with your region.

      The output will provide the newly generated access key in the response.

      {
        "customerAccessKey": {
            "enabled": true,
            "accessKey": "87654321-1234-1234-1234-123456789012",
            "dateCreated": 2263852422114,
            "dateDisabled": null
        }
      }
      

      The access key can now be used in the Sysdig agent configuration files.

    Viewing the Available Access Keys

    To view all of the access keys for your Sysdig Monitor instance, do the following:

    1. Retrieve the API token from the Sysdig Monitor UI.

      For more information, see Retrieve the Sysdig API Token.

    2. Issue a curl GET request against the Sysdig Monitor endpoint to enable the given access key:

      $ curl -XGET -H 'Authorization: Bearer API_TOKEN' https://<region>.app.sysdig.com/api/customer/accessKeys

      Replace the following:

      • API_TOKEN with the token you retrieved in step 1.

      • <region> with your Sysdig endpoint associated with your region.

      The output will provide a list of the access keys in the response and indicates whether they are enabled.

      {
        "customerAccessKeys": [
            {
                "enabled": true,
                "accessKey": "12345678-1234-4321-1234-123456789000",
                "dateCreated": 5242096409000,
                "dateDisabled": null
            },
            {
                "enabled": false,
                "accessKey": "87654321-1234-1234-1234-123456789012",
                "dateCreated": 2553849361000,
                "dateDisabled": 2553849367000
            }
        ]
      }
      

    Disabling an Access Key

    To disable an existing access key for your Sysdig Monitor instance, do the following:

    1. Retrieve the API token from the Sysdig Monitor UI.

      For more information, see Retrieve the Sysdig API Token.

    2. Issue a curl POST request against the Sysdig Monitor endpoint to disable the given access key.

      $ curl -XPOST -H 'Authorization: Bearer API_TOKEN' https://<region>.app.sysdig.com/api/customer/accessKeys/ACCESS_KEY/disable

      Replace the following:

      • API_TOKEN with the token you retrieved in step 1.

      • <region > with your Sysdig endpoint associated with your region.

      • ACCESS_KEY with the access key that you wish to disable.

      Once you disable the Sysdig access key, the agents connected with the access key will be immediately blocked from sending metrics to your Sysdig Monitoring instance.

      Deleting access keys is not supported at this time.

    Enabling an Access Key

    To enable an existing access key for a Sysdig Monitor instance, do the following:

    1. Retrieve the API token from the Sysdig Monitor UI.

      For more information, see Retrieve the Sysdig API Token.

    2. Issue a curl POST request against the Sysdig Monitor endpoint to enable the given access key.

      $ curl -XPOST -H 'Authorization: Bearer API_TOKEN' https://<region>.app.sysdig.com/api/customer/accessKeys/ACCESS_KEY/enable

      Replace the following:

      • API_TOKEN with the token you retrieved in step 1.

      • <region > with your Sysdig endpoint associated with your region.

      • ACCESS_KEY with the access key that you wish to disable.

    3. Restart the agents for the new connection to work as expected.

      The agent that connects with a disabled access key will be terminated.