SendGrid provides programmatic options to incorporate email and marketing tools into your application using only an API key. It is an easy way to add rich functionality to your app; however, if you lose your API key, it's also an easy way to leak sensitive information and rack up fraudulent charges.
- Understand the Doppler rotation methodology
- Ability to create a SendGrid API key with the following permissions:
  - Full API key access
  - Any permission(s) you want to assign to your rotated key
Doppler rotates SendGrid API keys using our issuer methodology. After you complete the rotated secret creation process, Doppler will issue the first rotated secret instance. At the defined frequency, Doppler will then issue a new SendGrid key instance before revoking a previous SendGrid key instance (reminder: there are always two).
Doppler leverages a SendGrid API key as the managing user to facilitate rotation. This API key can only create other API keys that have, at most, the same privileges as itself.
You can choose to select only a subset of the privileges the managing user has; this is recommended because the managing user requires SendGrid Full API access, which most API keys likely won't need.
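The following offline model is an added illustration, not Doppler's or SendGrid's code: it shows the issue-before-revoke order and the scope ceiling described above, and how long a key cached by a client stays valid. The class and function names, the placeholder instance IDs, and the rule that at most two instances stay live are assumptions; the scope sets are constructed samples.

```python
import itertools
from dataclasses import dataclass, field


@dataclass
class Issuer:
    """Offline model of issuer-style rotation; makes no SendGrid or Doppler calls."""
    managing_scopes: frozenset   # scopes held by the managing user key
    rotated_scopes: frozenset    # scopes chosen for the rotated secret
    live: list = field(default_factory=list)      # active instances, oldest first
    revoked: list = field(default_factory=list)   # instances no longer accepted
    _ids: itertools.count = field(default_factory=lambda: itertools.count(1))

    def __post_init__(self):
        # The managing key cannot grant privileges it does not hold itself.
        extra = self.rotated_scopes - self.managing_scopes
        if extra:
            raise PermissionError(f"scopes not held by managing key: {sorted(extra)}")
        self._issue()  # first instance, created when setup completes

    def _issue(self):
        key = f"instance-{next(self._ids)}"  # placeholder ID, not a real API key
        self.live.append(key)
        return key

    def rotate(self):
        """One interval tick: issue the new instance first, then revoke the oldest."""
        new = self._issue()
        while len(self.live) > 2:  # assumption: at most two instances stay live
            self.revoked.append(self.live.pop(0))
        return new

    def is_valid(self, key):
        return key in self.live


def survives_rotations(issuer, key, ticks):
    """For each tick, report whether a key a client cached earlier is still accepted."""
    results = []
    for _ in range(ticks):
        issuer.rotate()
        results.append(issuer.is_valid(key))
    return results


# Constructed sample scope sets; the rotated secret takes a subset of the managing key's.
MANAGING = frozenset({"mail.send", "stats.read", "api_keys.create", "api_keys.delete"})
ROTATED = frozenset({"mail.send"})
```

In this model a client that cached the first instance keeps working through one rotation and is rejected after the second, so consumers need to refresh the secret at least once per interval.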
SendGrid Rotated Secret Creation
- Navigate to the secrets config that the rotated secret will reside in
- Go to the Advanced Secrets tab
- Select New Rotated Secret
- Select SendGrid
- Name your integration
- The Managing User Key is a SendGrid API key you create to facilitate rotation. Read more about its requirements here.
- Hit Next
- Name your rotated secret. As you do, you'll get a live look at the secrets we'll be dynamically injecting into your config.
- Select the Scopes the rotated secret should receive
- Select the Interval at which you'd like your rotated secret instances to be rotated
- Hit Next
- The setup is complete and Doppler has created the first rotated secret instance, which is immediately available in your config