Authentication

There are two options for managing cluster authentication depending on RBAC (Role-Based Access Control) being enabled:

• Authentication with RBAC enabled
• Authentication with RBAC disabled (deprecated)

Authentication with RBAC enabled

This section only applies to clusters that have RBAC (Role-Based Access Control) enabled. New clusters with Weaviate version v1.30 (or later) have RBAC enabled by default.

Create an API key

If you don't have an existing API key, you'll need to create one. Follow these steps to find the API keys section and create a new key if necessary:

Steps to create a new API key

To create an API key, follow these steps:

1. Open the Weaviate Cloud console and select your cluster.
2. Navigate to the API Keys section, found in the Cluster details panel.
3. If you need a new API key, click the New key button.
4. In the Create API Key form, provide a descriptive name for your key.
5. Choose the role for this API key. You can either select an existing role like admin or viewer, or create a new role with specific permissions.
6. Click the Create key button.
7. Important: This is the only time your API key will be displayed. Make sure to copy it or download it and store it in a secure location immediately after creation. You will not be able to retrieve the full key again.

Rotate an API key

Rotating an API key allows you to generate a new key while invalidating the old one, enhancing security.

Steps to rotate an API key

To rotate an API key, follow these steps:

1. Open the Weaviate Cloud console.
2. Select your cluster and navigate to the API Keys section.
3. Locate the API key you want to rotate and click the Rotate button next to it.
4. A confirmation dialog will appear, explaining that the old key will be invalidated. Click Rotate key to proceed.
5. Important: This is the only time your API key will be displayed. Make sure to copy it or download it and store it in a secure location immediately after creation. You will not be able to retrieve the full key again.

Edit an API key

Editing an API key allows you to modify its assigned roles. To edit an API key for a cluster:

Steps to rotate an API key

To edit an API key's roles and permissions, follow these steps:

1. Open the Weaviate Cloud console.
2. Select your cluster and navigate to the API Keys section.
3. Locate the API key you want to edit and click the Edit button next to it.
4. In the Edit API key form, you can modify the key's description/name.
5. You can also update the roles associated with this API key. Choose from the existing roles or assign different roles.
6. Click the Save button to apply your changes.

Delete an API key

To delete an API key, follow these steps:

Steps to delete an API key

To delete an API key, follow these steps:

1. Open the Weaviate Cloud console.
2. Select your cluster and navigate to the API Keys section.
3. Locate the API key you want to delete and click the Trash can button next to it.
4. A confirmation dialog will appear. Enter the necessary text (usually the API key name or a confirmation phrase) to confirm the deletion.
5. Click on the Delete key button.

Authentication with RBAC disabled (deprecated)

If RBAC (Role-Based Access Control) is not enabled, there will be two default API keys, ReadOnly and Admin:

• Admin keys are read-write.
• ReadOnly keys do not grant write access to the database.

If you have a Shared Cloud cluster, you can create, delete, edit, and rotate API keys. You cannot modify the Sandbox cluster keys.

Steps to retrieve an API key

Retrieve an API key

When connecting to a Weaviate Cloud cluster, you need an API key and the REST endpoint URL for authentication. To retrieve your connection details, follow these steps:

1. Open the Weaviate Cloud console and

   ssselect your cluster

   .

2. On the Cluster details page, find the Admin API key and REST Endpoint URL.

3. Copy the needed key and URL and store them in a safe location.

Grab the REST Endpoint URL.

Grab the Admin API key.

REST Endpoint vs gRPC Endpoint

When using an official Weaviate client library, you need to authenticate using the REST Endpoint. The client will infer the gRPC endpoint automatically and use the more performant gRPC protocol when available.

Steps to create an API key

Create an API key

If you have a Shared Cloud cluster, you can create new API keys. To create a new API key, follow these steps:

1. Open the Weaviate Cloud console.

2. Select your cluster

   and find the API Keys section.

3. Click on the New Key button (1 ).

Add new API key to a cluster.

4. Choose if you want an Admin or ReadOnly key.

5. Click on the Create button.

Choose a type for the new API key.

info

This action restarts the cluster. If you have a stand-alone cluster, there is a short downtime while the cluster restarts. There is no downtime if you have a high availability cluster.

Steps to delete an API key

Delete an API key

If you have a Shared Cloud cluster, you can delete API keys. To delete an API key, follow these steps:

1. Open the Weaviate Cloud console.

2. Select your cluster

   and find the API Keys section.

3. Click on the Delete button next to the key you want to delete (1).

Delete an API key in Weaviate Cloud.

4. Enter the necessary text to confirm the deletion.

5. Click on the Confirm and delete button.

Confirm API key deletion.

info

This action restarts the cluster. If you have a stand-alone cluster, there is a short downtime while the cluster restarts. There is no downtime if you have a high availability cluster.

Further resources

• Manage authorization in WCD
• RBAC documentation

Support

For help with Shared Cloud and Dedicated Cloud, contact Weaviate support directly to open a support ticket. To add a support plan, contact Weaviate sales.

If you have any questions or feedback, let us know in the user forum.

Technical questions

If you have questions feel free to post on our Community forum.

Documentation feedback

Leave feedback by opening a GitHub issue.