FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace API key management.

Go to solution
Mark_Skeats
Visitor

‎24 Jan 2022 10:35 AM

 

Would be interested if anyone has come across   best practices for Dynatrace API key management, or if they have used a third party application that can be integrated with Dynatrace to provide this capability - ideally it would be automation friendly (ie can be integrated into other pipelines)

 

 

Background behind the question...

The Dynatrace API provides opportunities for automation with both infrastructure and application deployment
For various reasons the demand for such automation can come from many teams, each require one or more API keys
This presents the team who are responsible for Dynatrace in an organisation the challenge of how to manage the issue of keys

These are some of the areas of consideration, this is to give an idea of scope.
1. Audit the issuing of keys
2. Ensuring keys are only issued to legitimate parties
3. Ensuring old keys are removed when no longer required.

Reply
4 REPLIES 4

Go to solution
pahofmann
DynaMight Guru
DynaMight Guru

‎24 Jan 2022 11:30 AM

If you want to integrate automatic Dynatrace API Key Managment into existing workflows you could just use the Token API Endpoint.

You can create tokens with specific scopes and delete them once they are no longer needed.

Dynatrace Certified Master, AppMon Certified Master - Dynatrace Partner - 360Performance.net
Reply

Go to solution
Mark_Skeats
Visitor
In response to pahofmann

‎25 Jan 2022 11:49 AM

Thank you for the advice, the API call works well. One feature of interest is the ability to set an expiry date on the token to force applications to renew keys if still in use (that is like an expire password function and used for the same reason). I do not know if Dynatrace would work well with a system that is regularly regenerating keys. It would be interesting to know if anyone has taken this approach.  

0 Kudos
Reply

Go to solution
r_weber
DynaMight Champion
DynaMight Champion
In response to Mark_Skeats

‎21 Feb 2022 08:42 PM

Hi @Mark_Skeats ,

 

actually I have implemented exactly what you describe at large scale. Managing and rotating API keys across several thousand Dynatrace Tenants across multiple managed clusters.

You can generate API keys with an expiry date and thus automatically rotate them upon expiry.

It's part of one of my blog posts.

 

Reinhard

Certified Dynatrace Master, Dynatrace Partner - 360Performance.net
Reply

Go to solution
Mark_Skeats
Visitor
In response to r_weber

‎22 Feb 2022 10:06 AM

Thanks Reinhard, the blog was very helpful.  

0 Kudos
Reply
Ask a question

Featured Posts