Stashbase

Personal API Keys

Access levels and permissions for personal API keys in the REST API.

Personal API keys act on behalf of a user. Compared to service accounts, access is simplified and intended for CLI usage, scripts, and developer workflows.

Access levels

  • Full access: Full access to all resources.
  • Read-only: Read access to all resources.
  • Secrets write: Full access to secrets with read-only access to context resources.

Resource permission matrix

Full access

Resource    GET    POST    PATCH    DELETE
Projects
Environments
Secrets
Webhooks
Integrations

Read-only

Resource    GET    POST    PATCH    DELETE
Projects
Environments
Secrets
Webhooks
Integrations

Secrets write

Resource    GET    POST    PATCH    DELETE
Projects
Environments
Secrets
Webhooks
Integrations

Scans

Scans use scans.scan, which is not tied to an HTTP method. Scans are treated as a read-level capability.

Access level    scans.scan
Full access
Read-only
Secrets write

Notes

  • secrets_write includes read access implicitly.
  • Access is always limited by the user's own permissions.
  • Webhooks and integrations are not accessible in restricted modes.

IP allowlist

Each personal API key has its own IP allowlist configuration.
