Access Keys
Access keys are credentials that allow you to interact with Rabata.io’s API and services. This guide explains how to create, manage, and secure your access keys.
Understanding Access Keys
Access keys in Rabata.io consist of two parts:
- Access Key ID: A public identifier for your key (similar to a username)
- Secret Access Key: A private key that should be kept confidential (similar to a password)
These credentials authenticate your requests to Rabata.io and determine what actions you’re allowed to perform.
Creating Access Keys
To create new access keys:
- Log in to the Rabata.io dashboard
- Navigate to the Access Keys section in your account settings
- Click the Create Access Key button
- Add a description to help you identify this key later
- Select the appropriate permissions for this key
- Click Create
- Important: Download or copy your Secret Access Key immediately, as it won’t be shown again
Managing Access Keys
Viewing Your Access Keys
To view your existing access keys:
- Log in to the Rabata.io dashboard
- Navigate to the Access Keys section
- You’ll see a list of your active access keys with their descriptions and creation dates
Rotating Access Keys
For security, it’s recommended to rotate your access keys regularly:
- Create a new access key
- Update your applications to use the new key
- Disable (but don’t delete) the old key to ensure your applications are working correctly
- Delete the old key once you’ve confirmed everything is working
Deleting Access Keys
To delete an access key:
- Navigate to the Access Keys section
- Find the key you want to delete
- Click the Delete button
- Confirm the deletion
Note: Deleting an access key is permanent and cannot be undone. Make sure the key is no longer in use before deleting it.
Using Access Keys
In the AWS CLI
To configure the AWS CLI to work with Rabata.io:
aws configure --profile rabata
When prompted, enter:
- Your Access Key ID
- Your Secret Access Key
- Your preferred region (now eu-west-1 is the only region available)
- Output format (json is recommended)
Then use the profile in your commands:
aws s3 ls --profile rabata --endpoint-url https://s3.rabata.io
In SDKs
Most AWS SDKs can be configured to work with Rabata.io. Here’s an example using the AWS SDK for JavaScript:
const AWS = require('aws-sdk');
const s3 = new AWS.S3({
accessKeyId: 'YOUR_ACCESS_KEY_ID',
secretAccessKey: 'YOUR_SECRET_ACCESS_KEY',
endpoint: 'https://s3.rabata.io',
s3ForcePathStyle: true,
signatureVersion: 'v4'
});
In Environment Variables
You can set your access keys as environment variables:
export RABATA_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID
export RABATA_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY
Security Best Practices
Protect Your Access Keys
- Never share your Secret Access Key with anyone
- Don’t commit access keys to source code repositories
- Don’t include access keys in unencrypted client-side code
- Use different access keys for different applications
Use Least Privilege
Create access keys with only the permissions they need:
- When creating a key, select only the specific services and actions required
- Regularly review and remove unnecessary permissions
- Use separate keys for different purposes (development, production, etc.)
Monitor Key Usage
Regularly check the activity of your access keys:
- Navigate to the Access Keys section
- Click on a key to view its recent activity
- Look for any suspicious or unexpected usage
- Set up alerts for unusual activity
Implement Key Rotation
Rotate your access keys regularly:
- At least every 90 days
- Immediately if you suspect a key has been compromised
- When team members leave your organization
Troubleshooting
Common Issues
- Access Denied: Check that your key has the necessary permissions
- Invalid Signature: Verify your Secret Access Key is correct
- Expired Token: Your temporary credentials have expired and need to be refreshed
- Rate Limit Exceeded: You’re making too many requests in a short period
Getting Help
If you encounter issues with your access keys, contact Rabata.io Support.