kAudit

Appearance

API Keys

kAudit uses two types of API keys. Understanding the difference is important before creating keys.

Key types

TypePurposeUsed by
Agent API KeysAuthenticate the kAudit Windows Service Agent to the central APIThe kAudit Agent service on each SQL Server host
Public API KeysProgrammatic read-only access to the kAudit REST API for scripts and integrationsCI/CD pipelines, SIEM integrations, monitoring scripts

Agent API Keys

Agent API keys are scoped to a tenant and are used exclusively by the kAudit Agent service. The agent uses its key to:

  • Send audit events to the platform
  • Receive configuration updates
  • Send heartbeat signals for health monitoring

Creating an agent API key

  1. Navigate to Administration → Tenant Agents.
  2. Find the tenant in the Tenant Instances table.
  3. Click the actions menu () and select Manage API Keys.
  4. In the API Key Management dialog, click Create Key.
  5. Enter a label (e.g., Production SQL 01 Agent) and optionally set an expiry date.
  6. Click Create.
  7. Copy the key immediately — it is shown only once.

Use this key in the agent configuration file in the AgentApiKey field.

Rotating an agent API key

  1. Create a new key following the steps above.
  2. Update the agent configuration on the host with the new key.
  3. Restart the agent service.
  4. Delete the old key from the API Key Management dialog once the agent is confirmed healthy.

Zero-downtime rotation

Always create the new key first, update and restart the agent, then delete the old key — not the other way around.

Public API Keys

Public API keys let you query the kAudit REST API programmatically. Use these for scripts, dashboards, SIEM integrations, or any tool that needs read access to your audit data.

Creating a public API key

  1. Navigate to your Profile page (click your avatar in the top-right, then Profile).
  2. In the API Keys section, click New API Key.
  3. Enter a label describing the use case (e.g., SIEM Integration, Audit Export Script).
  4. Select the permissions scopes you need:
    • Read Audit Activity — access to audit activity events (read:audit-activity) ✅ Active
    • Read Alerts — access to alerts (coming soon)
    • Read Findings — access to findings (coming soon)
    • Read Compliance — access to compliance health data (coming soon)
    • Read Reports — generate and download reports (coming soon)
  5. Set an optional expiry date.
  6. Click Create and copy the key immediately.

Using a public API key

Include the key in the X-Api-Key request header:

http
GET /api/v1/public/audit-activity
X-Api-Key: your-api-key-here

See the API Reference for full endpoint documentation.

Revoking a public API key

  1. Navigate to your Profile page.
  2. In the API Keys section, find the key and click Revoke.
  3. Confirm the revocation.

Revoked keys stop working immediately.

Security best practices

  • Store API keys in secrets managers (Azure Key Vault, GitHub Secrets) — never commit them to source control
  • Use labels to track where each key is used
  • Set expiry dates for keys with limited-time use cases
  • Rotate keys annually or when team members leave
  • Review active keys periodically and revoke any that are no longer needed

SQL Audit Monitoring, made simple.

Copyright © 2024–2026 Kovoco. All rights reserved.