# API keys

A protos.rip API key is the prefix `ripr_` followed by a base62 encoding of 32 random bytes. The prefix shown in the dashboard after the key is dismissed is `ripr_` plus the first 8 base62 characters — enough to tell keys apart without revealing the secret. The registry stores only the SHA-256 hash of the key; the plaintext is never written to the database. As a consequence, the full key is shown once, immediately after creation, and can never be retrieved again.

A key is either user-scoped or org-scoped, depending on how it was issued. User-scoped keys come from the browser sign-in flow and grant access to every org the user belongs to. Org-scoped keys come from the dashboard and grant access to a single org. Reach for an org-scoped key in a CI environment tied to one team’s namespace; reach for a user-scoped key when one developer publishes across several orgs from their laptop.

Listing keys in an org context returns both the org’s keys and the user’s user-scoped keys, so you can see and manage your own keys from any org you’re in.

Revoke a key from the dashboard. Deletion takes effect immediately, and any subsequent CLI request using that key fails with an authentication error. There is no rotate operation — rotate by creating a new key, switching the CLI to it, then deleting the old one. There is no expiry; keys are valid until deleted. If a key is leaked, delete it immediately and create a replacement. There’s no way to invalidate older versions of “the same” key, because keys are identified by their hash, not by an identity.