Better security with fine grained API permissions

Instead of general API key for all functions, can we generate API key that can only be used for certain function like create TXT record with particular name such as for ACME challenge? That API key can’t do anything else than what it was created for.

This is tracked here: api: Scoped tokens · Issue #347 · desec-io/desec-stack · GitHub

Stay secure,
Peter

1 Like

The feature is implemented now: