Hi folks, Just pointing out that we are also working on a PR aiming to extend the API Key pair functionality (https://github.com/apache/cloudstack/pull/9504 <https://github.com/apache/cloudstack/pull/9504>), including API Key deletion. It addresses the user leaving an org problem by invalidating the key altogether, which may be a little safer than letting it be able to be restored. It could still be interesting to have this system for enabling and disabling API keys non-destructively, although similar things can be achieved disabling users/accounts/domains.Although I don't believe there will be many conflicts between the implementations, it could be interesting taking a look on the mentioned PR.

On 2024/09/24 08:03:00 Abhisar Sinha wrote:
> Hi All,
>
> I am working on this feature where Root Admin will get the option to disable Api key/ Secret key based access for a User, Account, or a Domain. > Api keys are primarily used for automation. It is the primary authorization mechanism used by automation when password-based access is not used. > This feature will be useful for Root Admins who may want to block certain users/accounts from using them. Or the Admin may want to disable Api key access for the whole domain and allow only for certain users.
>
> I've created a spec here : https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=323488155
> Your comments and suggestions are greatly appreciated.
>
> Thanks,
> Abhisar
>
>
>
>

Reply via email to