Skip to content

Security Keys

🧠 Philosophy

Modern AI workflows often include external access β€” such as API integrations, private deployments, and automation scripts. These integrations require a secure and reliable way to authenticate programmatically.

That’s why INTELLITHING includes Security Keys β€” cryptographically signed API tokens that allow external systems to interact with your deployed applications.

Unlike legacy tokens that are hard to rotate or revoke, our approach:

  • Is opt-in and scoped to a specific project
  • Can be managed from the UI with full visibility
  • Integrates tightly with deployment and runtime security

Security Keys are designed to give developers just enough access, with full traceability and governance.

πŸ”‘ Key Concepts

Concept Description
Security Key A generated, base64-encoded token used to authenticate external requests
Key ID A UUID tied to the token, used to identify and manage keys
Activation Toggle A workspace-level switch to enable/disable key-based access
Build Dependency Key access is only applied after a fresh compile, build, and deploy
One-time Visibility The full secret is shown once upon creation β€” download it securely

πŸ“˜ Key Definitions

  • Security Key: The base64 token used in HTTP headers or SDKs to authorize access.
  • Key ID: An immutable identifier (UUID) used to track the key in the system.
  • Enabled Toggle: A workspace-wide flag that determines whether any key access is allowed.
  • Deployment Awareness: Security keys are wired into your deployed containers. Changes to keys require a redeploy.
  • Revocation: You can delete a key anytime β€” it will immediately stop working in the next deployed version.

🧩 Security at a Glance

One-line Form

SecurityKey = generate() β†’ store() β†’ deploy() β†’ use()

Example Flow

  1. Create a new key β†’ it shows once.
  2. Toggle "Enable Security Keys" β†’ this affects all keys.
  3. Build and deploy β†’ key access is baked into the container.
  4. Use the key in external requests.
  5. Revoke key anytime via UI.

βš™οΈ How Security Keys Fit into INTELLITHING

The Security tab inside Studio is your access hub.

  • You generate and manage keys from the Security section of your workspace.
  • Each key is tied to a specific workspace β€” not individual apps or users.
  • Keys only work if the "Enable Security Keys" toggle is ON.
  • Even with the toggle ON, key access only becomes active after a successful build & deploy.

This ensures your deployments stay secure and predictable β€” key changes are opt-in and controlled.

πŸ› οΈ How to Create and Use a Key

Step-by-step:

  1. Go to Security Tab

  2. Found under: Studio β€Ί Security

  3. Click "Create a new secret key +"

  4. Copy or download the key

  5. You'll see:

    Id: 0fe6f7ae-f50c-45d7-83c2-64a9bec7a88e
Security Key: eyJhbGciOiJ...
    * You won’t be able to see it again.

  6. Toggle ON "Enable Security Keys"

  7. Found top-right in the Security UI.

  8. This allows API access for the current workspace.

  9. Rebuild and Deploy

  10. Key changes only take effect after a fresh deploy.

  11. This applies the updated access settings.

  12. Use your key

  13. Example HTTP Header:

    Authorization: Bearer <your-security-key>

🧬 Key Behavior and Runtime Model

Behavior Description
βœ… Created A new key is stored in the system. You see the full value once.
⚠️ Enable Toggle OFF No keys will work, even if built into the container.
πŸš€ Build/Deploy Required A new or toggled key does not take effect until you redeploy.
πŸ—‘οΈ Deleted Key The key ID is revoked; removed keys stop working in the next deploy.

πŸ” The deployment process embeds the key state into your running container. πŸ” Changes require a new deploy to take effect.

πŸ“Š UI Overview

Section Purpose
Create a new secret key + Opens the key generation modal
Enable Security Keys Master toggle to allow or deny all key usage
Key Table Lists key IDs, creation dates, and last used
πŸ—‘οΈ (Red bin icon) Permanently delete a key

🚨 Best Practices

Tip Why It Matters
βœ… Download the key on creation It will never be shown again
βœ… Enable toggle only when needed Minimize exposure during inactive periods
πŸ” Re-deploy after changes Keys only take effect after recompile/build/deploy
πŸ§ͺ Test with forked deployments Use fork/test branches before pushing changes to main
❌ Never expose or share the key create individual keys

πŸ” Permissions

Action Required Role/Permission
View/Create Keys admin, owner, or moderator
Enable/Disable Keys Same as above
Delete Keys Same as above

Regular users cannot create or access keys.

πŸ’¬ Summary

  • INTELLITHING provides first-class support for secure API keys.
  • Keys are tied to the workspace, controlled via a central toggle.
  • Changes only take effect after a build and deploy.
  • Keys are one-time view only β€” download them safely.
  • The UI makes it easy to create, revoke, and monitor keys without touching infrastructure.