API Keys
API keys are used for sending telemetry data to SUSE Observability. It now offers two types of API keys:
-
Receiver API Key: This key is typically generated during the initial installation of your SUSE Observability instance, and it never expires
-
Ingestion API Key: You can create Ingestion API Keys using the SUSE Observability CLI (STS). These keys offer expiration dates, requiring periodic rotation for continued functionality.
The receiver API key can be found in your values.yaml as the receiverApiKey, but you can also find it in the installation instructions of the stackpacks. For example if you installed the Kubernetes stackpack:
-
Open SUSE Observability
-
Navigate to StackPacks and select the Kubernetes StackPack
-
Open one of the installed instances
-
Scroll down to the first set of installation instructions. It shows the API key as
STACKSTATE_RECEIVER_API_KEYin text and as'stackstate.apiKey'in the command.
Ingestion API Keys
Ingestion API Keys are used by external tools to ingest data (like metrics, events, traces and so on) to the SUSE Observability cluster. These tools can be STS Agent or/and OTel Collector.
Manage Ingestion API Keys
Keys can be managed via the sts CLI. The following commands are available:
> sts ingestion-api-key --help
Manage API Keys used by ingestion pipelines, means data (spans, metrics, logs an so on) send by STS Agent, OTel and so on.
Usage:
sts ingestion-api-key [command]
Available Commands:
create Create a new Ingestion Api Key
delete Delete an Ingestion Api Key
list List Ingestion Api Keys
Use "sts ingestion-api-key [command] --help" for more information about a command.Create Ingestion API Keys
To create a Key in your instance of SUSE Observability, you can use the sts CLI.
> sts ingestion-api-key create --name {NAME}|
Note that the Key will only be displayed once. It isn’t possible to see the token again. |
This command takes the following command line arguments:
| Flag | Description |
|---|---|
|
The name of the Key. |
|
Optional description of the API Key. |
|
The expiration date of the Key, the format is yyyy-MM-dd. The expiration is optional. |
For example, the command below will create a Key with the name my-ingestion-api-key:
> sts ingestion-api-key create --name my-ingestion-api-key
✅ Ingestion API Key generated: iapikeyok-aaaaa-bbbb-ccccc-dddddAuthenticate using Ingestion API keys
Once created, an Ingestion API Key can be used to authenticate:
-
suse-observability-agent
-
OTel Collector
suse-observability-agent
The SUSE Observability agent requires an API key for communication, historically known as the Receiver API Key. SUSE Observability now offers two options for authentication:
-
Receiver API Key: This key is typically generated during the initial installation of your SUSE Observability instance,
-
Ingestion API Key: You can create Ingestion API Keys using the SUSE Observability CLI (STS). These keys offer expiration dates, requiring periodic rotation for continued functionality.
OTel Collector
When using the SUSE Observability collector, you’ll need to include an Authorization header in your configuration. The collector accepts either a Receiver API Key or an Ingestion API Key for authentication.
The following code snippet provides an example configuration:
extensions:
bearertokenauth:
scheme: SUSE Observability
token: "${env:API_KEY}"
exporters:
otlp/suse-observability:
auth:
authenticator: bearertokenauth
endpoint: <otlp-suse-observability-endpoint>:443
# or
otlphttp/suse-observability:
auth:
authenticator: bearertokenauth
endpoint: https://<otlp-http-suse-observability-endpoint>