PodArmor docs
API

API Keys

Scoped, read-only keys for the PodArmor public API.

Automate catalog, SBOM, and CVE queries from CI or the CLI with scoped API keys. Manage them in Portal → API keys (tenant admins only).

Scopes

ScopeGrants
read:catalogList images + metadata
read:sbomDownload SBOMs (SPDX / CycloneDX)
read:vulnsRead vulnerabilities + CVE lookups
admissionThe Kubernetes admission-controller webhook

Lifecycle

  • Create a key with a name and one or more scopes. The full pa_live_… secret is shown exactly once — copy it then; we only store a hash.
  • List shows each key's prefix, scopes, and last-used time.
  • Revoke takes effect immediately; any client using the key gets 401.

Using a key

Send it as a Bearer token or an X-API-Key header — the key identifies your tenant, so any host resolves correctly:

curl -H "Authorization: Bearer pa_live_xxx" \
  https://<your-subdomain>.app.podarmor.dev/v1/images

curl -H "X-API-Key: pa_live_xxx" \
  https://<your-subdomain>.app.podarmor.dev/v1/images
Store the raw key in a secrets manager or CI secret. If you lose it, revoke and create a new one — it can't be retrieved.

On this page