General Information About Admin Tokens and API Keys

Last modified on October 24, 2023

What are admin tokens and API keys?

Admin tokens are used by admin users or service accounts to authenticate to and use StrongDM via the CLI. The main purpose of an admin token is to automate administrative tasks normally performed by admin users (such as managing users and roles) or to allow service accounts to access resources.

A service account is a type of user account meant to be used by machines for programmatic access to resources. When service accounts are created, they come with an admin token that has no admin permissions. Service accounts are granted access to resources via roles, just like regular user accounts.

Admin users and service accounts use admin tokens instead of a username and password to log in to the CLI (and desktop app). For authentication, admin tokens can be used directly with the sdm login CLI command, or they can be set as environment variables to avoid having to log in via the CLI or desktop app for every session.

An admin token only allows the user or service account to perform the tasks that the admin token has been granted permissions to do, rather than what the user is permitted to do from an assigned permission level. You can use admin tokens to authenticate service accounts in order to automate administrative tasks or to access resources.

API keys are to authenticate applications making calls to the StrongDM API using the SDKs or the StrongDM Terraform provider.

Both admin tokens and API keys are generated in the Access > API & Admin Tokens section of the Admin UI. Permissions and an expiration period are specified for each admin token and API key to determine what they are allowed to do and for how much time. An admin token is a string, whereas an API key is key pair consisting of an access key (string) and secret key (string).

For more information about admin tokens, service accounts, and API keys, see the documentation:

For language-specific information on how to use API keys, see the SDK and Terraform provider repositories: