Other: App security: To rotate User API keys
Planned
Hello Team,
We have noticed that users can generate their own API keys from fivetran dashboard, which was earlier only possible to Account ADMIN users.
I do understand the benefit for the same, but this poses a security risk for us as there is no way to monitor and rotate the user API keys on Fivetran, as its one of our security requirements that the same is rotated. We would like if Fivetran has an automated way to rotate user (non account admin) based API keys.
Or in light of system API keys getting introduced, the user api keys (non account admin) can be decommissioned by fivetran, or fivetran can provide more control to the account admin of an organization to decide on the same for their org.
-
Official comment
Hi Reuben,
We're going to improve this significantly, both by making it possible to audit user keys and by allowing admins to prevent user keys or enforce rotation/expiration. Stay tuned.
Thanks,
Jimmy
Please sign in to leave a comment.
Comments
1 comment