Skip to main content

Managing Keys

This guide walks you through creating and managing access keys and signing keys in the Ecosystem Hub.

To get started, log in to the Ecosystem Hub and navigate to Settings > Agent Integrations.

Access Keys

Access keys authenticate your managed integration's requests to the Agent Integrations API.

Creating an Access Key

  1. In the Access Keys section, click Create Key.
  2. Fill in the following fields:
    • Name — A descriptive name for the key (e.g., "MainWP Production").
    • Description — A short description of what the key is used for (e.g., "Access key for my MainWP dashboard").
    • Expiration — Choose when the key expires: Never, 30 days, 90 days, or 1 year.
  3. Click Create.

After creation, the full key value is displayed in a green alert box. Copy and store it securely.

tip

The key value is shown only once. If you lose it, you will need to create a new key.

Editing an Access Key

  1. In the access keys table, click the edit (pencil) icon on the key you want to modify.
  2. Update the Name or Description as needed.
  3. Click Save.

Note that the expiration date cannot be changed after creation.

Deleting an Access Key

  1. In the access keys table, click the delete (trash) icon on the key you want to remove.
  2. Click Confirm within 2 seconds to complete the deletion.
info

Deleting an access key immediately revokes it. Any integration using this key will no longer be able to authenticate.

Signing Key

The signing key is an RSA key pair used to sign JWT tokens for managed integrations. You need a signing key before your managed integration can exchange access keys for JWTs.

Generating a Signing Key

If no signing key exists for your tenant:

  1. In the Signing Key section, click Generate Signing Key.
  2. In the confirmation dialog, click Generate Key.

Once generated, the public key is displayed on the settings page. The private key is securely stored and managed by Cartesian — you never need to handle it directly. Your Outposts are automatically configured to use the public key for JWT verification, so no manual setup is required on your part.

tip

The Download Public Key option is available for reference, but you do not need to download or use the public key yourself. Cartesian handles key distribution to your Outposts automatically.

Rotating the Signing Key

If you need to replace your current signing key:

  1. Click Get new key.
  2. Review the warning — rotating the key invalidates all existing JWTs signed with the current key.
  3. Click Rotate Key.

After rotation, your Outposts are automatically updated to use the new public key. Deployed Outposts may take a few minutes to pick up the change — you can restart your Outpost to speed this up.

Resetting Outposts

In rare cases, an Outpost may fall out of sync with the current signing key. To re-sync it:

  1. Click Reset outpost to use this key.
  2. In the confirmation dialog, click Reset Outposts.

This updates all connected Outposts to use the current tenant signing key for JWT verification. Deployed Outposts may take a few minutes to pick up the change — you can restart your Outpost to speed this up.