Skip to main content

Using Cloud Console Tokens

Info

Production workloads should use Workload Identity Federation instead of Cloud Console tokens. Workload Identity Federation provides a more secure, controlled way to generate time-limited Access Keys using SAML assertions.

Access Keys created using Cloud Console tokens may be permanent or temporary. Permanent keys do not expire, while temporary keys are valid for a specified duration. Access Keys may be created in the CoreWeave Cloud Console or with the CoreWeave API.

Create Access Keys in the Cloud Console

You must be logged in with an account that has admin permissions.

  1. In the Cloud Console, navigate to Object Storage > Keys.
  2. Click Create Key.
  3. In the dialog:
    • For a Temporary key, enter the desired duration in seconds and click Create.
    • For a Permanent key, select Enable Permanent Key and click Create.

Create Access Keys with the API

To create Access Keys via the API, you must first create a JSON object that defines the key's properties. The JSON object must include the durationSeconds property, which specifies how long the key is valid.

Permanent keys

Permanent keys do not expire, and can be used indefinitely. To create a permanent access key, set durationSeconds to 0 in a JSON object. The value of 0 in the example data.json indicates that the key does not expire.

data.json
{
"durationSeconds": 0
}

Then, submit the request to the /access-key endpoint with the JSON object in the body. Replace {API_ACCESS_TOKEN} with your API access token.

Example request
$
curl -X POST https://api.coreweave.com/v1/cwobject/access-key \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {API_ACCESS_TOKEN}" \
-d @data.json

A successful response returns the key with the expiry field set to 1970-01-01T00:00:00Z, which indicates that the key does not expire.

Response status code 200
{
"accessKeyID": "CWABCDEFGHIJKLMN",
"expiry": "1970-01-01T00:00:00Z",
"principalName": "coreweave/[email protected]",
"secretKey": "cwo1234567890abcdefghijklmnopqrstuvwxyz1234"
}

Temporary keys

Create temporary Access Keys by setting durationSeconds to the desired duration in seconds. Temporary keys expire after the specified duration, which can be of any length.

To begin, create a JSON object that defines durationSeconds. The example below creates a key with a 300 second (5 minute) duration.

data.json
{
"durationSeconds": 300
}

Submit the request to the /access-key endpoint with the JSON object in the body. Replace {API_ACCESS_TOKEN} with your API access token.

Example request
$
curl -X POST https://api.coreweave.com/v1/cwobject/access-key \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {API_ACCESS_TOKEN}" \
-d @data.json

A successful response returns the key. The expiry field is set to the time the key expires.

Response status code 200
{
"accessKeyID": "CWABCDEFGHIJKLMN",
"expiry": "2024-01-01T09:15:01Z",
"principalName": "coreweave/[email protected]",
"secretKey": "cwo1234567890abcdefghijklmnopqrstuvwxyz1234"
}