API Keys
Scoped, read-only keys for the PodArmor public API.
Automate catalog, SBOM, and CVE queries from CI or the CLI with scoped API keys. Manage them in Portal → API keys (tenant admins only).
Scopes
| Scope | Grants |
|---|---|
| read:catalog | List images + metadata |
| read:sbom | Download SBOMs (SPDX / CycloneDX) |
| read:vulns | Read vulnerabilities + CVE lookups |
| admission | The Kubernetes admission-controller webhook |
Lifecycle
- Create a key with a name and one or more scopes. The full pa_live_… secret is shown exactly once — copy it then; we only store a hash.
- List shows each key's prefix, scopes, and last-used time.
- Revoke takes effect immediately; any client using the key gets 401.
Using a key
Send it as a Bearer token or an X-API-Key header — the key identifies your tenant, so any host resolves correctly:
```shell
curl -H "Authorization: Bearer pa_live_xxx" \
  https://<your-subdomain>.app.podarmor.dev/v1/images

curl -H "X-API-Key: pa_live_xxx" \
  https://<your-subdomain>.app.podarmor.dev/v1/images
```

Store the raw key in a secrets manager or CI secret. If you lose it, revoke and create a new one — it can't be retrieved.
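An added example (not PodArmor's own code) of a CI helper for the requests above: it hands the key to curl through a config on stdin so it stays out of the process list, and turns the 401 of a revoked key into a distinct exit code. The variable names PODARMOR_API_KEY and PODARMOR_HOST, the function names, and the accepted key character set are assumptions.

```shell
#!/bin/sh
# Added example, not PodArmor code. PODARMOR_API_KEY and PODARMOR_HOST are
# assumed variable names, populated from the CI secret store.

# Accept only pa_live_ keys made of [A-Za-z0-9_-] (assumed character set), so
# the value cannot break out of the quoted curl config line built below.
pa_key_ok() {
  case "$1" in pa_live_?*) ;; *) return 1 ;; esac
  case "$1" in *[!A-Za-z0-9_-]*) return 1 ;; esac
  return 0
}

# Print a curl config for GET /v1/images. The key reaches curl over a pipe
# instead of argv, so it is not visible in the process list.
pa_curl_config() {  # $1 = key, $2 = host
  pa_key_ok "$1" || return 1
  case "$2" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  printf 'header = "Authorization: Bearer %s"\n' "$1"
  printf 'url = "https://%s/v1/images"\n' "$2"
}

# Map the HTTP status to an exit code the pipeline can branch on.
pa_classify_status() {
  case "$1" in
    2??) return 0 ;;
    401) return 3 ;;  # key revoked or rejected: create a new key, update the secret
    *)   return 4 ;;  # anything else, including curl's 000 on transport failure
  esac
}

pa_list_images() {  # $1 = file that receives the response body
  cfg=$(pa_curl_config "${PODARMOR_API_KEY:-}" "${PODARMOR_HOST:-}") || {
    echo "PODARMOR_API_KEY or PODARMOR_HOST is missing or malformed" >&2
    return 2
  }
  code=$(printf '%s\n' "$cfg" |
    curl --silent --config - --output "$1" --write-out '%{http_code}') || :
  pa_classify_status "$code"
}
```

Call `pa_list_images images.out` from the job and treat exit code 3 as the signal to replace the stored secret with a newly created key.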