Dear all,

Thank you for your feedback during the recent DB-WG discussion on API key
authentication for updates in the RIPE Database.

After discussions and careful consideration of the points raised, we have
come to the following decisions.

Firstly, we will only support the use of API keys created and used by an
individual RIPE NCC Access account. When multiple people share the same
login credentials, it creates security risks, leaving the system open to
potential abuse. For instance, a former employee with access to shared
credentials could still access sensitive data after leaving the company.

Additionally, it becomes impossible to track who made specific changes in
the system, leading to a lack of accountability and an incomplete audit
trail, making it difficult to investigate incidents or ensure compliance.
Based on these risks, we have chosen not to offer a design that allows API
key sharing for better security and traceability.

We will help an LIR manage how API keys are used. The LIR Portal will list
who has used API keys with the default maintainer in the LIR Portal. We
will also display a warning in the LIR Portal when removing or changing a
user’s role when they have API keys.

Secondly, we will implement mandatory API key expiration dates. We will
allow the user to choose the expiry date when creating a new key, but
expiry cannot be more than one year. We will notify the RIPE NCC Access
user in advance by email and on our web interface(s), if any of their API
keys are due to expire soon.

Our top priority is the security of everyone’s data. While I understand
these decisions will require members to make changes to their scripts, it's
essential that we remain compliant and follow best practices here.

Kind regards,

Felipe Victolla Silveira
Chief Technology Officer
RIPE NCC