API Keys

An API key is primarily used to authenticate against SUSE® Observability for sending telemetry data to SUSE® Observability. In a helm agent install, this is done by setting the stackstate.apiKey helm variable.

You can obtain an API key by following the StackPack install flow, which uses a Service Token from the platform.

You can also obtain an API Key in the following ways from the platform:

  • Service Token - Use this key to scope the data to be ingested. A service token is required when installing with Rancher RBAC support. It also offers expiration dates. For more information, see Service Tokens.

  • Bootstrap Service Token - Use this API key to set up a service token for data ingestion and RBAC. This is the preferred method to create a key before installation. For more information, see Bootstrap Service Tokens.

  • Receiver API Key - This key is generated during the initial installation of your SUSE® Observability instance and it never expires. As it is not scoped, it can be used for all agents.

This method will be replaced in the long run as the RBAC data cannot be ingested with the receiver API Key.

  • Ingestion API Key (Deprecated) - You can create Ingestion API Keys using the SUSE® Observability CLI (STS). These keys offer expiration dates, requiring periodic rotation for continued functionality.

Ingestion API Keys (Deprecated)

Ingestion API Keys were used by external tools to ingest data (such as metrics, events and traces) to the SUSE Observability cluster. These tools include the STS Agent or/and OTel Collector. The recommended authentication mechanism is through Service Tokens.

More info