Configure API keys

Use this guide to create Tarnished API keys for machine clients.

What API keys are for

Tarnished API keys are the supported auth model for machine clients such as:

the Tarnished CLI
the browser extension
other automation or integration clients

Create an API key in the web app

Sign in to Tarnished in the browser.
Open Settings.
Open the API Keys section.
Create a new key.
Copy the raw key value immediately.

You will not get the raw key value back later from the server.

Choose the right preset

The backend currently supports preset families including:

full access
CLI
extension
read only
import/export
custom

Recommended preset choices

use CLI for the Tarnished CLI
use extension for the browser extension
use read only for dashboards or reporting-style integrations
use import/export for narrow data portability workflows

Use the key with the CLI

tarnished auth init --api-key 'your-api-key'
tarnished auth doctor
tarnished auth whoami

Use the key with the extension

Open the extension settings page.
Enter the Tarnished app URL.
Enter the API key.
Save the settings.

Rotate or revoke keys

Because the web app is the source of truth for API key lifecycle, rotate or revoke keys there rather than expecting the CLI or extension to do it remotely.

What API keys are for​

Create an API key in the web app​

Choose the right preset​

Recommended preset choices​

Use the key with the CLI​

Use the key with the extension​

Rotate or revoke keys​

Related pages​