Authentication

There are two options for managing cluster authentication depending on RBAC (Role-Based Access Control) being enabled:

• Authentication with RBAC enabled
• Authentication with RBAC disabled

Authentication with RBAC enabled

This section only applies to clusters that have RBAC (Role-Based Access Control) enabled. New clusters with Weaviate version v1.30 (or later) have RBAC enabled by default.

Create an API key

When connecting to a Weaviate Cloud cluster, you need an API key and the REST endpoint URL for authentication.

If you don't have an existing API key, you'll need to create one. Follow these steps to find the API keys section and create a new key if necessary:

1. Open the Weaviate Cloud console and select your cluster.
2. Navigate to the API Keys section, found in the Cluster details panel.
3. If you need a new API key, click the Create API key button (1 in the image below).

Navigate to the API Keys section.

4. In the Create API Key form, provide a descriptive name for your key (1).
5. Choose the role for this API key (2). You can either select an existing role like admin or viewer, or create a new role with specific permissions.
6. Click the Create button (3).

Create a new API key.

7. Important: This is the only time your API key will be displayed. Make sure to copy it (1) or download it (2) and store it in a secure location immediately after creation. You will not be able to retrieve the full key again.

Save your API key.

Rotate an API key

Rotating an API key allows you to generate a new key while invalidating the old one, enhancing security.

1. Open the Weaviate Cloud console.
2. Select your cluster and navigate to the API Keys section.
3. Locate the API key you want to rotate and click the Rotate button next to it (1 in the image below).

Rotate an API key in Weaviate Cloud.

4. A confirmation dialog will appear, explaining that the old key will be invalidated. Click Rotate key to proceed (1 in the image below).
5. A new API key will be generated. 2 Make sure to copy and save the new key immediately, as you won't be able to see it again.

Confirm API key rotation.

Edit an API key

Editing an API key allows you to modify its name or associated roles. To edit an API key for a cluster:

1. Open the Weaviate Cloud console.
2. Select your cluster and navigate to the API Keys section.
3. Locate the API key you want to edit and click the Edit button next to it (1 in the image below).

Edit an API key in Weaviate Cloud.

4. In the Edit API key form, you can modify the key's description/name (1).
5. You can also update the roles associated with this API key. Choose from the existing roles or assign different roles (2).
6. Click the Save button (3) to apply your changes.

Edit API key details.

Delete an API key

To delete an API key, follow these steps:

1. Open the Weaviate Cloud console.
2. Select your cluster and navigate to the API Keys section.
3. Locate the API key you want to delete and click the Delete button next to it (1).

Delete an API key in Weaviate Cloud.

4. A confirmation dialog will appear. Enter the necessary text (usually the API key name or a confirmation phrase) to confirm the deletion (1).
5. Click on the Confirm and delete button (2).

Confirm API key deletion.

Authentication with RBAC disabled

If RBAC (Role-Based Access Control) is not enabled, there will be two default API keys, ReadOnly and Admin:

• Admin keys are read-write.
• ReadOnly keys do not grant write access to the database.

If you have a Serverless cluster, you can create, delete, edit, and rotate API keys. You cannot modify the Sandbox cluster keys.

Retrieve an API keys

When connecting to a Weaviate Cloud cluster, you need an API key and the REST endpoint URL for authentication. To retrieve your connection details, follow these steps:

1. Open the Weaviate Cloud console and select your cluster.
2. On the Cluster details page, find the Admin API key and REST Endpoint URL.
3. Copy the needed key and URL and store them in a safe location.

Grab the REST Endpoint URL.

Grab the Admin API key.

REST Endpoint vs gRPC Endpoint

When using an official Weaviate client library, you need to authenticate using the REST Endpoint. The client will infer the gRPC endpoint automatically and use the more performant gRPC protocol when available.

Create an API key

If you have a Serverless cluster, you can create new API keys. To create a new API key, follow these steps:

1. Open the Weaviate Cloud console.
2. Select your cluster and find the API Keys section.
3. Click on the New Key button (1).

Add new API key to a cluster.

4. Choose if you want an Admin or ReadOnly key.
5. Click on the Create button.

Choose a type for the new API key.

info

This action restarts the cluster. If you have a stand-alone cluster, there is a short downtime while the cluster restarts. There is no downtime if you have a high availability cluster.

Delete an API key

If you have a Serverless cluster, you can delete API keys. To delete an API key, follow these steps:

1. Open the Weaviate Cloud console.
2. Select your cluster and find the API Keys section.
3. Click on the Delete button next to the key you want to delete (1).

Delete an API key in Weaviate Cloud.

4. Enter the necessary text to confirm the deletion.
5. Click on the Confirm and delete button.

Confirm API key deletion.

info

This action restarts the cluster. If you have a stand-alone cluster, there is a short downtime while the cluster restarts. There is no downtime if you have a high availability cluster.

Further resources

• Manage authorization in WCD
• RBAC documentation

Support

For help with Serverless Cloud, Enterprise Cloud, and Bring Your Own Cloud accounts, contact Weaviate support directly to open a support ticket.

For questions and support from the Weaviate community, try these resources:

• Community forum
• GitHub
• Slack

To add a support plan, contact Weaviate sales.