Overview
Management Keys are only available to workspace admins. The Management Keys page is not visible to non-admin members.
Use cases
- Automating workspace provisioning via the API.
- Delegating API key rotation to a deployment pipeline without granting full admin access.
- Letting a billing automation script read and update Budgets without exposing API key management.
View Management Keys
Navigate to Settings → Organization → Management Keys to view all keys in the workspace.
- Edit: open the edit panel to update the key’s name, permissions, or expiration date.
- Duplicate: create a new key with the same permissions.
- Delete: permanently remove the key from the workspace.
Create a Management Key
Set permissions
Select a Permissions mode, default is All. See Permission modes below.
Set expiration (optional)
Set an Expiration date if the key should stop authenticating after a certain date.
Permission modes
| Mode | Description |
|---|---|
| All | Full read and write access to all capabilities. |
| Restricted | Configure access per capability. Each capability can be set to None, Read, or Write independently. |
| Read only | Read access to all capabilities. |
Capabilities
| Capability | None | Read | Write |
|---|---|---|---|
| API keys | No access. | List and view workspace API keys. | List, view, create, update, and revoke workspace API keys. |
| Budgets | No access. | List and view workspace Budgets. | List, view, create, and update workspace Budgets. |
Management Keys are not available through MCP. Use the REST API to manage keys programmatically.
