Security implications of BALENA_API_KEY envvar

I’m a bit confused by the info on the “Communicate outside the container” page:

It says “Inside your running container, you’ll have access to a number of BALENA_ namespaced environment variables”
This includes the BALENA_API_KEY, with the following warning:
WARNING This API key gives the code full user permissions, so can be used to delete and update anything as you would on the Dashboard.

Does this mean that anyone accessing either the container or the device can manipulate / get access to any of the other devices in the account? That would seem like a huge concern if I want to deploy different devices to different clients that all handle sensitive information.

Could you please clarify whether this key is user-specific or device-specific and detail what the exact access is that can be obtained with that API_KEY?

Just found the device API key information on the security page.

Can you confirm that is the BALENA_API_KEY in the envvars?

The device API key explanation is a lot more reassuring than the warning above, so if they are the same, you may want to point easily alarmed users like myself to the security page for more info :)

Hi @dirk,

Indeed the BALENA_API_KEY is a device API key with scope limited to a particular device. Those docs you pointed to in your first message are very outdated, since very old devices used to have more powerful keys, but this was changed to limited scope keys a long time ago. I’ll make a note for us to update those docs.

Sorry for the confusion!