Best Practices for API Keys | Honeycomb

Best Practices for API Keys

We recommend that you follow certain best practices when using API Keys.

Use API Key types appropriately 

We recommend using Ingest Keys to send data to Honeycomb, and Configuration keys to manage your Honeycomb resources.

Ingest Keys 

We recommend using Ingest API Keys to send data to Honeycomb. They are specialized, environment-scoped keys, which are designed to securely transmit telemetry data, including the optional creation of new datasets.

Ingest Keys have the following properties:

  • Limited permissions: Can only be used to write telemetry data, and optionally create new datasets.
  • Immutable: Once created, their permissions cannot be altered, which makes them the safest option for client-side instrumentation.
  • Can be deleted: These keys can be temporarily disabled or permanently deleted, which help users manage clutter and adhere to certain compliance standards.

Configuration Keys 

Configuration API Keys allow you to manage resources in your Environment, such as Boards, Columns, Markers, Triggers, and SLOs. Their permissions can be modified after their creation, and while they can be granted the permission to send events it is recommended that Ingest API Keys be used for that purpose.

Use different API keys for different purposes 

For example, the API key used to send data in from your production cluster should be different from the API key used for testing; the key used by your build process to create markers should be different from either of those.

Separating these purposes among different API keys allows you to revoke permissions on one key without affecting the abilities of others. It also minimizes the negative effects if a key leaks or is lost.