Kokomo

Security

API keys

Kokomo allows the creation of API keys to authenticate the CLI agents with the infrastructure.

Authenticating with the agent

As described in the core concepts, the Kokomo CLI agent is the component that initalizes the provisioning, or the update, of the Kokomo infrastructure.

There exists API key authentication between the CLI agent and the Kokomo service that uniquely identifies the agent as belonging to your Kokomo account, and the API key is necessary to consume your purchased services or update them.

Keep your API keys secret

Kokomo API keys should be kept secret and secure, since anybody who has access to them could impersonate your account and consume billing credits on your account. Losing a key is a severe security risk and you should immediately revoke the lost or stolen key and re-provision a new one from the account settings.

Managing API keys

API keys on Kokomo can be managed from your account settings after logging in.

You can create as many API keys as you need, and you can also revoke existing keys. By default Kokomo creates a unique Default API key that you can use right away.

It is best practice to use a different API key per service, although there are no limitations if you intend to use the same one for all services that you are planning to expose. By using a different API key per service, in case one of them gets stolen or lost, you can revoke it and assure that only one service will be disrupted instead of having to reconfigure all the services.

Using the API key

You can use an API key by passing the --api-key argument when starting the agent CLI:

kokomo \
  --service-name "123" \
  --local-port 123 \
  --remote-port 123 \
  --api-key 12345apikey12345

To properly configure the API key, you will need to set the following configuration:

  • --api-key or the environment variable KOKOMO_API_KEY=YOUR-API-KEY.
Previous
Agent encryption
Next
Dedicated & Static