24 Jan 2022 10:35 AM
Would be interested if anyone has come across best practices for Dynatrace API key management, or if they have used a third-party application that can be integrated with Dynatrace to provide this capability. Ideally it would be automation friendly (i.e. can be integrated into other pipelines).
Background behind the question...
The Dynatrace API provides opportunities for automation with both infrastructure and application deployment.
For various reasons the demand for such automation can come from many teams, each requiring one or more API keys.
This presents the team who are responsible for Dynatrace in an organisation with the challenge of how to manage the issue of keys.
These are some of the areas of consideration; this is to give an idea of scope.
1. Audit the issuing of keys
2. Ensuring keys are only issued to legitimate parties
3. Ensuring old keys are removed when no longer required.
24 Jan 2022 11:30 AM
If you want to integrate automatic Dynatrace API key management into existing workflows, you could just use the Token API endpoint.
You can create tokens with specific scopes and delete them once they are no longer needed.
25 Jan 2022 11:49 AM
Thank you for the advice, the API call works well. One feature of interest is the ability to set an expiry date on the token to force applications to renew keys if still in use (that is like an expire password function and used for the same reason). I do not know if Dynatrace would work well with a system that is regularly regenerating keys. It would be interesting to know if anyone has taken this approach.
21 Feb 2022 08:42 PM
Hi @Mark_Skeats,
Actually, I have implemented exactly what you describe at large scale: managing and rotating API keys across several thousand Dynatrace tenants across multiple managed clusters.
You can generate API keys with an expiry date and thus automatically rotate them upon expiry.
It's part of one of my blog posts.
Reinhard
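An added example (not part of any post in this thread, and not Dynatrace's or the blog's code) of the rotation approach discussed above: it takes a token inventory and decides which tokens to review, revoke, rotate or keep, then builds the request body for an expiring replacement. The field names (`owner`, `creationDate`, `lastUsedDate`, `expirationDate`, `scopes`) are assumed to match the token metadata returned by the Dynatrace API tokens v2 endpoint; the thresholds, function names and sample inventory are constructed.

```python
from datetime import datetime, timedelta, timezone

ROTATE_WITHIN = timedelta(days=7)   # renew when this close to expiry
STALE_AFTER = timedelta(days=90)    # revoke when unused for this long
LIFETIME = timedelta(days=30)       # expiry given to every replacement

def ts(value):
    """Parse an ISO-8601 UTC timestamp ('...Z'); None means the field is unset."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def plan(tokens, now):
    """Map token id -> 'review' | 'revoke' | 'rotate' | 'keep'."""
    result = {}
    for t in tokens:
        expires = ts(t.get("expirationDate"))
        last_seen = ts(t.get("lastUsedDate")) or ts(t["creationDate"])
        if not t.get("owner"):
            result[t["id"]] = "review"   # audit gap: no accountable party
        elif now - last_seen > STALE_AFTER:
            result[t["id"]] = "revoke"   # no longer required
        elif expires is None or expires - now <= ROTATE_WITHIN:
            result[t["id"]] = "rotate"   # non-expiring or about to expire
        else:
            result[t["id"]] = "keep"
    return result

def replacement_request(token, now):
    """Body for creating the successor: same name and scopes, fresh expiry.
    Create and distribute the new token first, then delete the old id."""
    expiry = (now + LIFETIME).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {"name": token["name"], "scopes": sorted(token["scopes"]),
            "expirationDate": expiry}

# Constructed inventory (not real tokens), evaluated at a fixed "now".
NOW = datetime(2022, 2, 21, tzinfo=timezone.utc)
SAMPLE = [
    {"id": "tok-a", "name": "ci-metrics", "owner": "team-ci", "scopes": ["metrics.read"],
     "creationDate": "2022-01-25T00:00:00Z", "lastUsedDate": "2022-02-20T00:00:00Z",
     "expirationDate": "2022-02-24T00:00:00Z"},
    {"id": "tok-b", "name": "old-deploy", "owner": "team-infra", "scopes": ["events.ingest"],
     "creationDate": "2021-06-01T00:00:00Z", "lastUsedDate": "2021-09-01T00:00:00Z"},
    {"id": "tok-c", "name": "unknown", "owner": "", "scopes": ["entities.read"],
     "creationDate": "2022-02-01T00:00:00Z"},
    {"id": "tok-d", "name": "app-events", "owner": "team-app", "scopes": ["events.ingest"],
     "creationDate": "2022-02-10T00:00:00Z", "lastUsedDate": "2022-02-21T00:00:00Z",
     "expirationDate": "2022-03-12T00:00:00Z"},
    {"id": "tok-e", "name": "never-expires", "owner": "team-app", "scopes": ["metrics.read"],
     "creationDate": "2022-02-01T00:00:00Z"},
]
```

Running `plan` on a schedule from a pipeline covers the three concerns in the original question: ownerless tokens surface for audit, stale tokens are removed, and everything else is renewed before its expiry date.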
22 Feb 2022 10:06 AM
Thanks Reinhard, the blog was very helpful.