Note: Team-level API keys will continue to function until 6/15/2021, at which point Gremlin will only support user-level API keys. Please migrate your existing API keys to user-level API keys by logging into the Gremlin web app and clicking Account Settings. Please contact us if you need assistance.
Today, Gremlin is excited to announce the ability to create an API key that can perform actions with the same set of permissions as your user account. This allows you to automate Gremlin tasks safely and securely.
Gremlin has always enabled an API-first approach to the product. Customers use our existing API keys to automate creating, starting and halting chaos experiments. As Chaos Engineering is onboarded into enterprises, users need to automate all aspects of Gremlin so they can focus their efforts on improving the reliability of their service rather than system administration. With RBAC for API keys, each API key now shares the same permissions as the user who created it.
Enabling more API automation
API keys are currently used mainly to automate chaos experiments. With this release, we’ve greatly expanded the types of automation available to API keys to include adding and removing users, managing agent certificates and secret keys, and generating reports, in addition to running chaos experiments.
Stronger security controls
API keys are now associated at the user level, enabling you to create service accounts that follow the principle of least privilege and comply with your security requirements. This makes it easier for security teams to revoke API keys when an employee leaves the company without impacting other automated workflows.
More visibility into team activities
Company Managers have complete visibility into the creation and usage of API keys. This enables them to see which API keys are being created and used by their organization, which user created which key, and when a key was last used.
Migrate your API keys today
With this release, we will be deprecating team-level API keys in favor of user-level API keys. You can continue to use, revoke, and reinstate your existing API keys, but any newly created API keys will be created at the user level. Start migrating your API keys by signing into your Gremlin profile and generating a new key. If you haven’t yet created API keys, this is the perfect time to jump start your reliability program through automation.
For more information about creating and using API keys, see the documentation. If you don’t have a Gremlin account yet, request a free trial!