Algolia API Key

Bridgecrew Policy ID: BC_GIT_22
Checkov Check ID: CKV_SECRET_22
Severity: LOW

Algolia API Key


Algolia is a proprietary search engine offering, usable through the software as a service (SaaS) model. API keys are necessary to work with Algolia. They give you code-level access to your account, data, and index settings. Whether you’re sending or updating your data, searching your index, or doing anything else with Algolia’s API, you need to use a valid API key.

Fix - Buildtime


Revoking an API key makes it unusable. It’s crucial to revoke any compromised key, for example, a leaked write API key, a search API key being abused. However, keep in mind that you need to update your applications to avoid breaking them when the key they use becomes invalid.

You can revoke an API key by deleting it from the dashboard, or through the API, with the deleteApiKey method. When deleting a main API key, you’re also deleting all derived Secured API keys. You can never restore Secured API keys, even if you later restore the main key.