- 2 min read

Announcing role based access control for API keys for more control over automation

Note: Team-level API keys will continue to function until 6/15/2021, at which point Gremlin will only support user-level API keys. Please migrate your existing API keys to user-level API keys by logging into the Gremlin web app and clicking Account Settings. Please contact us if you need assistance.

Today, Gremlin is excited to announce the ability to create an API key that can perform actions with the same set of permissions as your user account. This allows you to automate Gremlin tasks safely and securely.

Gremlin has always enabled an API-first approach to the product. Customers use our existing API keys to automate creating, starting and halting chaos experiments. As Chaos Engineering is onboarded into enterprises, users need to automate all aspects of Gremlin so they can focus their efforts on improving the reliability of their service rather than system administration. With RBAC for API keys, each API key now shares the same permissions as the user who created it.

API key list in the Gremlin web app

Enabling more API automation

API keys are currently used mainly to automate chaos experiments. With this release, weā€™ve greatly expanded the types of automation available to API keys to include adding and removing users, managing client certificates and secret keys, and generating reports, in addition to running chaos experiments.

Stronger security controls

API keys are now associated at the user level, enabling you to create service accounts that follow the principle of least privilege and comply with your security requirements. This makes it easier for security teams to revoke API keys when an employee leaves the company without impacting other automated workflows.

More visibility into team activities

Company Managers have complete visibility into the creation and usage of API keys. This enables them to see which API keys are being created and used by their organization, which user created which key, and when a key was last used.

Migrate your API keys today

With this release, we will be deprecating team-level API keys in favor of user-level API keys. You can continue to use, revoke, and reinstate your existing API keys, but any newly created API keys will be created at the user level. Start migrating your API keys by signing into your Gremlin profile and generating a new key. If you havenā€™t yet created API keys, this is the perfect time to jump start your reliability program through automation.

For more information about creating and using API keys, see the documentation. If you donā€™t have a Gremlin account yet, sign up for free!

Create your Gremlin Free account

Run your first Chaos Experiment in minutes.
First name
Last name
Email
Log in