Credential overview
The page summarizes the health of your credentials:- Total active keys. Keys currently able to authorize requests.
- Expiring soon. Keys due to expire within seven days, so you can rotate them before they lapse.
- Key usage. Usage volume over the last 30 days.
The credentials table
Each row shows the key name and ID, the agent it is assigned to, its status (Active, Expiring Soon, or Revoked), and its creation and expiration dates. Revoked keys are visually de-emphasized. Hovering a row reveals the actions available for that key, which may include copy, edit, rotate, view audit log, and revoke. You can search and page through the list, and export it.Issuing a KIT
Select Issue KIT to start the issuance flow. See Issue a KIT for the full walkthrough.Key generation policy
A workspace-level key generation policy sets the defaults applied to new keys, including the default expiration and the allowed source IP ranges in CIDR notation. Edit it to match your environment’s requirements.Expired and revoked keys stop authorizing requests immediately. An agent must obtain a fresh KIT to continue.
Related
Identity tokens (KITs)
What a KIT is and how its lifecycle works.
Audit logs
Trace how each credential was used.