Keys are used to connect Core LRS SDKs to your account to allow your code to interact with the LRS. Typically, keys are specified as part of a Connection String which also includes parameters such as HTTP Endpoints and other details of the account. This is a convenient way of specifying all required details of the connection in a single value which can be set as part of the configuration of third-party code which wants to integrate with Core LRS.
A pair of keys is automatically generated for each service at the point when it is created, named as ‘Primary’ and ‘Secondary’. Either key can be used for authentication since they have identical permissions. The reason that two keys are generated is to allow for Key Rotation if required.
Keys can be found under the ‘Keys’ section in the menu, and for convenience are also shown with complete Connection Strings which include the key values for use in SDK configuration.
To ensure the security of your account, it’s important to treat Keys as sensitive information in the same way as other passwords. For example, they should never be committed to source control or shared with third-parties who should not have access to your account.
Core LRS supports two methods of authentication to secure access to the API. In addition to Keys, the use of Basic Authentication using Credentials is also supported.
Over time, it may be necessary to retire a particular key for security reasons; for example if a key in use becomes compromised, or as part of regular key cycling practices. This is the reason that a pair of keys is provided to allow this to take place with minimal disruption to live systems. Any existing code using the Primary Key should be switched to use the Secondary instead, and then the Primary Key should be regenerated.
To regenerate a key within the Portal, click the icon next to the key, then confirm.