Revoke Api Keys

luclucluca · November 12, 2021, 2:07pm

We are currently trying out openBalena and recently figured out that we could use “generate api-key” to get a key we can use to log in. Now the question, where are these Keys saved and can they be deleted/revoked somehow?

20k-ultra · November 16, 2021, 4:20pm

Can you specify where/how you’re generate the API key ? Are you using balena CLI Documentation - Balena Documentation ?

Lizzieepton · November 16, 2021, 4:44pm

Hi @luclucluca I’m just sharing some more of our docs on generating API keys in case they are useful to you

The second link there has a code snippet for deleting an API key which should hopefully work for you if you want to delete any of your existing keys

luclucluca · November 16, 2021, 7:10pm

Yes that’s how we generated them.

luclucluca · November 16, 2021, 7:10pm

Thank you very much! I’ll try these tomorrow.

Lizzieepton · November 19, 2021, 12:18pm

great, let us know if you have any more questions

luclucluca · November 25, 2021, 7:18am

Thanks very much for the Great help! We are able now the see all the generated api keys! Tho it seems that, since we use those generated api keys to access them, we dont have the permission do Delete any api keys. I’ve read before about a “supervisor” api key but we were unable to find it anywhere. Does that also exist in openBalena? If yes where do we find it or how do we generate it?

Thanks in Advance!

luclucluca · December 17, 2021, 1:52pm

Any news here? @Lizzieepton

mpous · December 20, 2021, 11:45am

Hello @luclucluca

Could you please confirm if you have set the io.balena.features.supervisor-api on your docker-compose file? Then running echo $BALENA_SUPERVISOR_API_KEY that should work.

Let me know if that solves the question or we can help you more! (sorry for the delay).

GoogleIt · January 5, 2022, 3:15pm

Only the admin user (using credentials to log-in) could delete this if I am correct.
I guess you could generate a temporary token using the credentials and then use that token to delete whatever you want.

I believe the main API key can be found in your docker compose/environment file.

luclucluca · January 6, 2022, 10:59am

We are creating the Tokens using the Admin user(The account we used to set up the server). Even then if i send a DELETE Request for a api Key I get an “Unauthorized” back. I couldnt find any API keys that work in the Docker compose files on the server.

GoogleIt · January 6, 2022, 11:13am

If you first authenticate with the admin user using the API, you get a token back.
Try use this token to delete the API keys.

luclucluca · January 6, 2022, 11:44am

How would you authenticate with the API?

GoogleIt · January 7, 2022, 4:46pm

Hello @luclucluca

I made a very quick and dirty bash script you can use to revoke API keys. Not clean at all but it works.
You can find it here: GitHub - robbe-haesendonck/open-balena-scripts: Some scripts for interacting with the open-balena API

Will probably put some time in cleaning it up some day

Best regards,
Robbe

luclucluca · January 10, 2022, 7:33am

This is exactly what I was looking for. Thank you very much!