Create and Manage Access Keys

Learn how to generate an access key and enable secure access to the Prisma Cloud API.

Access Keys are a secure way to enable programmatic access to the Prisma Cloud API, if you are setting up an external integration or automation. By default, only the System Admin has API access and can enable API access for other administrators.

You can enable API access either when you Add Administrative Users On Prisma Cloud, you can modify the user permissions to enable API access. If you have API access, you can create up to two access keys per role for most roles; some roles such the Build and Deploy Security role can generate one access key only. When you create an access key, the key is tied to the role with which you logged in and if you delete the role, the access key is automatically deleted.

Create an access key for a limited time period and regenerate your API keys periodically to minimize exposure and follow security best practices. On the Settings > Audit Logs, you can view a record of all access key related activities such as an update to extend its validity, deletion, or a revocation.

Select Settings > Access Control > Access Keys and select Add > Access Key.

If you do not see the option to add a new key, it means that you do not have the permissions to create access keys.
Enter a descriptive Name for the key.
Set the Key Expiry term.

Select the checkbox and specify a term—date and time for the key validity—that adheres to your corporate compliance standards. If you do not select key expiry, the key is set to never expire; if you select it, but do not specify a date, the key expires in a month. In the event a key is compromised, you can administratively disable (Make Inactive) the key.
Create the key.

If you have multiple roles, you must switch roles to create an access key for each role.

Copy or download the Access Key ID and the Secret Key as a CSV file. After you close the window, you cannot view the secret key again, and must delete the existing key and create a new key.
View the details for your keys.

You can verify the expiry date for the key and can update it here, review when it was last used and the status —Active or Expired.

If you have multiple roles, the access key details display only for the role with which you are logged in.

If you delete a role, the access keys associated with the role are automatically deleted, and any integrations that use the access key to make calls to Prisma Cloud will stop working.