We recommend that you follow certain best practices when using API Keys.
We recommend using Ingest Keys to send data to Honeycomb, and Management and Configuration keys to manage your Honeycomb resources.
We recommend using Ingest API Keys to send data to Honeycomb. They are specialized, environment-scoped keys, which are designed to securely transmit telemetry data, including the optional creation of new datasets.
Ingest Keys have the following properties:
Management API Keys allow you to manage API keys at the Team level, which includes all API keys for the Environments associated with your team. Each key has a set of scopes, which can not be altered once the key has been created. Currently only managing the API Keys in an Environment is supported.
Configuration API Keys allow you to manage resources in your Environment, such as Boards, Columns, Markers, Triggers, and SLOs. Their permissions can be modified after their creation, and while they can be granted the permission to send events it is recommended that Ingest API Keys be used for that purpose.
For example, the API key used to send data in from your production cluster should be different from the API key used for testing; the key used by your build process to create markers should be different from either of those.
Separating these purposes among different API keys allows you to revoke permissions on one key without affecting the abilities of others. It also minimizes the negative effects if a key leaks or is lost.
