Neon 14mo ago
frozen-sapphire

Scoped API Keys (Especially for Organisations)

Hi there, we currently have access to the Organisations preview and have been setting up some custom GitHub Workflows to handle deployment between Neon and Vercel, as we have a few different Projects for Environments (allowing us to separate permissions and project-wide settings) as well as a few different branch setups required.

As part of this we are making sure we handle security sensibly, and one of the areas where we saw a bit of a hole between our environments was that, currently, Neon API keys are scoped to a user and include all the rights they have rather than being able to limit this. This stops you from being able to generate an API key for one project within an organisation that won't work for all the other projects in the organisation (if your user is part of the Org, permissions are wide open!).

It seems sensible to be able to scope API keys which you can then use in specific GitHub repos or GitHub Environment etc., whilst still keeping billing under one Organisational roof Neon side! Is this on the roadmap at all?

*NOTE - We have created a workaround for now by creating a Neon user specifically for each API key we need, keeping the users outside of the organisation and sharing the project specifically to that user. However, it's a bit of a faff requiring valid email addresses etc!*

Another thread requesting this but in Support and without the Organisations element: https://discord.com/channels/1176467419317940276/1187526405223882802
4 Replies
extended-salmon 14mo ago
Do you have a paid plan?
frozen-sapphire (OP) 14mo ago
We do!
extended-salmon 14mo ago
I would reach out to support to express your need for this feature.
frozen-sapphire (OP) 14mo ago
Ticket # 3434
