SOLVED

What should I use as my Munkchin API private key?

Go to solution
Highlighted
Anonymous
Not applicable

What should I use as my Munkchin API private key?

Hey all,

Looking at existing posts, I am able to create my own private key value. Are there best practices on what this should be (should I use numbers and characters)? Or can it be something as simple as "CompanyNameAPI"?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Level 10 - Community Moderator

Re: What should I use as my Munkchin API private key?

There's an exact answer to this: if you abide by the common NIST recommendation (as a US-based company, this is a good idea) it should contain a minimum of 112 bits of entropy as it will be used as a SHA-1 key.

If you confine yourself to case-insensitive hex characters (0–9, A-F) 112 bits = 28 random characters.

If you use the wider (a-z, A-Z, 0–9) range then you need 22 characters. And so on.

You should use an online random key generator to gen the key. Don't try to hand-enter it if you want real randomness (the key won't be hand-entered later so it is easily machine-generated).

View solution in original post

3 REPLIES 3
Highlighted
Level 6

Re: What should I use as my Munkchin API private key?

Best Practice: Use something that nobody else can figure out easily <--- Good Luck

This principal should/can be used to generate any type of key, such as passwords. 

Highlighted
Level 10 - Community Moderator

Re: What should I use as my Munkchin API private key?

There's an exact answer to this: if you abide by the common NIST recommendation (as a US-based company, this is a good idea) it should contain a minimum of 112 bits of entropy as it will be used as a SHA-1 key.

If you confine yourself to case-insensitive hex characters (0–9, A-F) 112 bits = 28 random characters.

If you use the wider (a-z, A-Z, 0–9) range then you need 22 characters. And so on.

You should use an online random key generator to gen the key. Don't try to hand-enter it if you want real randomness (the key won't be hand-entered later so it is easily machine-generated).

View solution in original post

Highlighted
Anonymous
Not applicable

Re: What should I use as my Munkchin API private key?

awesome thank you so much Sanford!