Best practices for API keys

I'm working on a CI/CD pipeline from our private gitlab server to confluence so users can publish documents directly from gitlab to confluence when they merge commits.

For testing and dev I've been using a personal token but now that I'm ready to get it into prod I want to use something more specific for this integration.

What would be great is to create separate tokens associated to a confluence space that corresponds to a gitlab group. That token would be stored in our secrets vault that the Pipeline could use to publish content.

Has anyone created a similar setup? How are you managing api access?

1 answer

0 votes

Hello @Ryan Stickney
Welcome to the Community !
Token are associated with account, hence you have a single token or many token from the same account - that would result in same action as permission assigned to that profile.

With recent changes, atlassian has added API with scope -https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/

Practice would be to have different API with different scope is required.
NOTE: API have max age of 1 year.

In your case - ALWAYS HAVE AN INTEGRATION ACCOUNT whose API will be used in any api calls/integrations.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Suggest an answer

Was this helpful?

Thanks!

Confluence

DEPLOYMENT TYPE

CLOUD

PRODUCT PLAN

PREMIUM

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Best practices for API keys

1 answer

Suggest an answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

PRODUCT PLAN

TAGS

Atlassian Community Events