cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace API key management.

Mark_Skeats
Visitor

 

Would be interested if anyone has come across   best practices for Dynatrace API key management, or if they have used a third party application that can be integrated with Dynatrace to provide this capability - ideally it would be automation friendly (ie can be integrated into other pipelines)

 

 

Background behind the question...

The Dynatrace API provides opportunities for automation with both infrastructure and application deployment
For various reasons the demand for such automation can come from many teams, each require one or more API keys
This presents the team who are responsible for Dynatrace in an organisation the challenge of how to manage the issue of keys

These are some of the areas of consideration, this is to give an idea of scope.
1. Audit the issuing of keys
2. Ensuring keys are only issued to legitimate parties
3. Ensuring old keys are removed when no longer required.

4 REPLIES 4

pahofmann
DynaMight Leader
DynaMight Leader

If you want to integrate automatic Dynatrace API Key Managment into existing workflows you could just use the Token API Endpoint.

You can create tokens with specific scopes and delete them once they are no longer needed.

Dynatrace Certified Master, AppMon Certified Master - Dynatrace Partner - 360Performance.net

Thank you for the advice, the API call works well. One feature of interest is the ability to set an expiry date on the token to force applications to renew keys if still in use (that is like an expire password function and used for the same reason). I do not know if Dynatrace would work well with a system that is regularly regenerating keys. It would be interesting to know if anyone has taken this approach.  

r_weber
DynaMight Champion
DynaMight Champion

Hi @Mark_Skeats ,

 

actually I have implemented exactly what you describe at large scale. Managing and rotating API keys across several thousand Dynatrace Tenants across multiple managed clusters.

You can generate API keys with an expiry date and thus automatically rotate them upon expiry.

It's part of one of my blog posts.

 

Reinhard

Certified Dynatrace Master, Dynatrace Partner - 360Performance.net

Thanks Reinhard, the blog was very helpful.