

Rotate API Key

Updated on 17 September, 2025

Rotate Vultr current user API keys securely with zero downtime using the Customer Portal or the API.


Regularly rotating API keys is a security best practice that reduces the risk of unauthorized access and credential compromise. This guide provides a safe, zero-downtime workflow to rotate your current user API key using the Vultr Customer Portal or the Vultr API. Follow these steps to rotate a current user API key while your applications and automation continue to function without interruption.

Vultr Customer Portal

  1. Navigate to Dashboard and select Vultr API under Orchestration.
  2. In the User Access Tokens section, enter a Name, choose an API key Expiry option, and set the Expiry On date.
  3. Click Add Key.
  4. Update all applications, scripts, and automation to use the new API key.
  5. After verifying that all workloads successfully authenticate with the new API key, delete the old key in the User Access Tokens section.

Vultr API

  1. Send a POST request to the Create API Key endpoint to generate a new API key for your current user account.

    $ curl "https://api.vultr.com/v2/apikeys" \
        -X POST \
        -H "Authorization: Bearer ${VULTR_API_KEY}" \
        -H "Content-Type: application/json" \
        -d '{
            "name": "<api-key-name>",
            "expire": true,
            "date_expire": "2030-01-01T00:00:00Z"
        }'
    

    The response returns the new API key in plain text. Copy and store it securely, as this is the only time you can view it.

  2. Update your applications, scripts, and automation to use the new API key, then validate that they work correctly.

  3. Send a GET request to the List API Keys endpoint to view all API keys for the current user and identify the old key's ID.

    $ curl "https://api.vultr.com/v2/apikeys" \
        -X GET \
        -H "Authorization: Bearer ${VULTR_API_KEY}"
    
  4. Send a DELETE request to the Delete API Key endpoint to delete the old API key.

    $ curl "https://api.vultr.com/v2/apikeys/{apikey-id}" \
        -X DELETE \
        -H "Authorization: Bearer ${VULTR_API_KEY}"
    

    An HTTP response of 204 No Content confirms that your API key is deleted.
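The ordering in steps 2 to 4 can be enforced in a script so the old key is never deleted before the new one is proven to work. The following is an added example, not part of Vultr's documentation. The names `retire_old_key`, `http_status` and `API_BASE` are hypothetical, and it assumes the List API Keys endpoint answers HTTP 200 for a valid key.

```sh
#!/bin/sh
# Added example: gate the delete step of the rotation on a working new key.
# Usage: retire_old_key OLD_KEY_ID NEW_KEY
#   OLD_KEY_ID comes from the List API Keys output, NEW_KEY from Create API Key.

API_BASE="https://api.vultr.com/v2"

# http_status METHOD URL KEY -> prints only the HTTP status code.
# The key is passed to curl on stdin (--config -) so it never appears in the
# process arguments, where other local users could read it.
http_status() {
    printf 'header = "Authorization: Bearer %s"\n' "$3" |
        curl --config - -s -o /dev/null -w '%{http_code}' -X "$1" "$2"
}

# Returns 0 only when the old key was deleted (HTTP 204, as the guide states).
# 2 = bad input, 3 = new key rejected (old key untouched), 4 = delete failed.
retire_old_key() {
    old_id=$1
    new_key=$2

    # Refuse empty values and unfilled placeholders such as {apikey-id}.
    case $old_id in
        ''|*'{'*|*'<'*) echo "invalid old key id" >&2; return 2 ;;
    esac
    [ -n "$new_key" ] || { echo "new key is empty" >&2; return 2; }

    # Gate: the new key must authenticate before the old one is touched.
    # Assumption: a successful List API Keys call returns HTTP 200.
    status=$(http_status GET "$API_BASE/apikeys" "$new_key")
    if [ "$status" != "200" ]; then
        echo "new key rejected (HTTP $status); old key left in place" >&2
        return 3
    fi

    # Delete with the NEW key so no step depends on the credential being retired.
    status=$(http_status DELETE "$API_BASE/apikeys/$old_id" "$new_key")
    if [ "$status" != "204" ]; then
        echo "delete failed (HTTP $status)" >&2
        return 4
    fi
    echo "old key $old_id deleted"
}
```

Run it only after every workload has been switched to the new key; the check confirms that the new key authenticates, not that each application has been updated.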
