signaloid-cli keys
Manage API keys for Signaloid Cloud Compute Engine.
Synopsis
signaloid-cli keys <command> [options]
Description
The keys command group allows you to manage API keys for programmatic access to Signaloid. Create keys for different applications, set expiration dates, and revoke keys when needed.
Subcommands
- signaloid-cli keys list - List all API keys
- signaloid-cli keys create - Create a new API key
- signaloid-cli keys delete - Delete an API key
- signaloid-cli keys validate - Validate an API key
API Key Types
Production Keys
Long-lived keys for production environments.
Best practices:
- Set expiration dates (e.g., 1 year)
- Rotate regularly
- Store in secure secrets manager
- Monitor usage
EXPIRY=$(date -d '+1 year' -u +"%Y-%m-%dT%H:%M:%SZ")
signaloid-cli keys create \
--name "Production-2025" \
--valid-until "$EXPIRY"
Development Keys
Keys for local development and testing.
Best practices:
- Keep separate from production keys
- Shorter expiration (30-90 days)
- Revoke when no longer needed
EXPIRY=$(date -d '+90 days' -u +"%Y-%m-%dT%H:%M:%SZ")
signaloid-cli keys create \
--name "Dev-$(whoami)" \
--valid-until "$EXPIRY"
CI/CD Keys
Keys for automated pipelines.
Best practices:
- Use environment-specific keys
- Set reasonable expiration
- Rotate during security reviews
- Scope to minimum required permissions
EXPIRY=$(date -d '+6 months' -u +"%Y-%m-%dT%H:%M:%SZ")
signaloid-cli keys create \
--name "GitHub-Actions-$(date +%Y%m)" \
--valid-until "$EXPIRY"
Temporary Keys
Short-lived keys for specific tasks.
Best practices:
- Very short expiration (hours/days)
- Delete after use
- For one-time operations
EXPIRY=$(date -d '+24 hours' -u +"%Y-%m-%dT%H:%M:%SZ")
signaloid-cli keys create \
--name "Demo-$(date +%Y%m%d)" \
--valid-until "$EXPIRY"
Security Best Practices
Key Storage
DO:
- ✅ Store in environment variables
- ✅ Use secrets managers (AWS Secrets Manager, HashiCorp Vault)
- ✅ Use encrypted files with restricted permissions
- ✅ Rotate keys regularly
DON'T:
- ❌ Commit keys to version control
- ❌ Share keys via email or chat
- ❌ Store in plain text configuration files
- ❌ Use same key across environments
Key Rotation
#!/bin/bash
# Rotate API key safely
OLD_KEY_ID="key_old123"
KEY_NAME="Production API Key"
# 1. Create new key
echo "Creating new key..."
NEW_KEY_RESPONSE=$(signaloid-cli keys create --name "$KEY_NAME")
NEW_KEY=$(echo "$NEW_KEY_RESPONSE" | jq -r '.Key')
# 2. Test new key
export SIGNALOID_API_KEY="$NEW_KEY"
if signaloid-cli auth whoami; then
echo "✓ New key works"
else
echo "✗ New key failed"
exit 1
fi
# 3. Update deployment
echo "Update your deployment with new key: $NEW_KEY"
read -p "Press enter after updating deployment..."
# 4. Delete old key
signaloid-cli keys delete --key-id $OLD_KEY_ID
echo "Old key deleted"
Complete Workflow Example
#!/bin/bash
set -e
# 1. Create new API key for project
echo "Creating API key..."
KEY_RESPONSE=$(signaloid-cli keys create \
--name "Project-Alpha-$(date +%Y%m)" \
--valid-until "$(date -d '+90 days' -u +"%Y-%m-%dT%H:%M:%SZ")")
KEY_ID=$(echo "$KEY_RESPONSE" | jq -r '.KeyID')
API_KEY=$(echo "$KEY_RESPONSE" | jq -r '.Key')
echo "Key ID: $KEY_ID"
echo "API Key: $API_KEY"
# 2. Save key securely
mkdir -p ~/.secrets
echo "$API_KEY" > ~/.secrets/project-alpha-key.txt
chmod 600 ~/.secrets/project-alpha-key.txt
# 3. Test key
export SIGNALOID_API_KEY="$API_KEY"
if signaloid-cli auth login --api-key "$API_KEY"; then
echo "✓ Key authentication successful"
signaloid-cli auth whoami
else
echo "✗ Key authentication failed"
exit 1
fi
# 4. List all keys
echo "Current API keys:"
signaloid-cli keys list | jq -r '.Keys[] | "\(.Name)\t\(.KeyID)"'
echo "Setup complete!"
Exit Codes
| Code | Description |
|---|---|
0 | Success |
1 | Error (invalid parameters, key not found, etc.) |
Troubleshooting
"Invalid date format" Error
Problem: Date validation fails.
Solutions:
- Use ISO 8601 format:
2025-12-31T23:59:59Z - Ensure UTC timezone (Z suffix)
- Verify date is in the future
- Use date command to generate:
date -d '+30 days' -u +"%Y-%m-%dT%H:%M:%SZ"
"Key not found" Error
Problem: Cannot delete or access key.
Solutions:
- List all keys to verify ID:
signaloid-cli keys list - Check for typos in key ID
- Verify key wasn't already deleted
- Ensure you have permission to manage keys
"Authentication failed" with New Key
Problem: Newly created key doesn't work.
Solutions:
- Verify you copied the full key including prefix
- Check for extra spaces or newlines
- Ensure key hasn't expired
- Wait a few seconds for key to propagate
- Try re-authenticating:
signaloid-cli auth logout
signaloid-cli auth login --api-key <your-key>
See Also
- signaloid-cli auth - Authentication commands
- signaloid-cli users - User management
- Security Best Practices - Secure key usage
Learn More
- API Authentication Guide - Complete authentication guide