CreateKey

CreateKey( param_object )
CreateKey( param_object )
CreateKey( param_object )
CreateKey( param_object )
create_key( param_object )
CreateKey( param_object )

Description

CreateKey creates a new key, based on the settings in param_object, which can be used to access the current database. If you provide an optional ref to a child database, the key is associated with (and provides access to) that database. An admin key must be used when calling CreateKey.

Once the key is created, the key’s secret can be used to connect to FaunaDB and execute queries within the associated database, with the permissions associated with the key’s role.

If you would prefer to use FaunaDB’s Attribute-based access control (ABAC), you should use the Login function instead.

Parameters

Argument Type Definition and Requirements

param_object

The param_object fields are described below.

param_object

Field Name Field Type Definition and Requirements

role

The access roles include admin, server, server-readonly, client, or a user-defined role.

database

Optional - A ref of an existing child database. If not provided, the new key grants access to the current database.

name

Optional - A name to apply to the key, to help differentiate this key from any others that may exist.

priority

Optional - A relative weight between 1 and 500, inclusive, indicating how many resources this key should be allowed to utilize. Defaults to 1. A higher number means more resources.

The priority option is deprecated as of release 2.10.0. You should avoid specifying priority. In some future FaunaDB release, priority will be removed. See Deprecations for more details.

data

Optional - Contains user-defined metadata for the key. It is provided for the developer to store key-relevant information.

Returns

An object containing the metadata about the results of CreateKey operations.

Field Name Field Type Definition and Requirements

ref

The reference is an automatically-generated, unique identifier within the database to the key that was created.

database

The ref of the database that the key belongs to.

role

The access role for this key.

name

The name for this key. Only present when specified during key creation.

ts

The timestamp, with microsecond resolution, associated with the creation of the key.

secret

The key’s authentication secret. It is only present at creation. You must copy the key’s secret and store it securely for future use.

hashed_secret

The key’s hashed authentication secret.

Examples

The following query creates a key for the prydain database with an access role of server.

curl https://db.fauna.com/ \
    -u fnAChGwBacACAEZtRZFDXpyjIvq-sln34m-va4Km: \
    -d '{
          "create_key": {
            "object": { "database": { "database": "prydain" }, "role": "server" }
          }
        }'
client.Query(
  CreateKey(
    Obj("database", Database("prydain"), "role", "server")));
System.out.println(
      client.query(
          CreateKey(
              Obj(
                 "database", Database(Value("prydain")),
                 "role", Value("server")
              ))
        ).get());
result, _ := client.Query(
    f.CreateKey(
        f.Obj{"database": f.Database("prydain"), "role": "server"},
    ),
)

fmt.Println(result)
client.query(
  CreateKey(
    Obj("database" -> Database("prydain"), "role" -> "server")))
client.query(
  q.create_key(
    {"database": q.database("prydain"), "role": "server"}
  ))
client.query(
  q.CreateKey({
    database: q.Database('prydain'),
    role: 'server',
  })
)
.then((ret) => console.log(ret))
HTTP/1.1 201 Created
{
  "resource": {
    "ref": { "@ref": "keys/181388642789360128" },
    "class": { "@ref": "keys" },
    "ts": 1509244539905476,
    "database": { "@ref": "databases/prydain" },
    "role": "server",
    "secret": "fnAChGwCc8ACAJ14XId4jxQlr2sn496g1J7Ysq42",
    "hashed_secret": "$2a$05$xVX/E8zRRLTPgRvVGacOJOVUDa9UdaY9wTGoDOCbqoLQj9yJHwNsO"
  }
}
{
  "ref": { "@ref": "keys/181388642789360128" },
  "class": { "@ref": "keys" },
  "ts": 1509244539905476,
  "database": { "@ref": "databases/prydain" },
  "role": "server",
  "secret": "fnAChGwCc8ACAJ14XId4jxQlr2sn496g1J7Ysq42",
  "hashed_secret": "$2a$05$xVX/E8zRRLTPgRvVGacOJOVUDa9UdaY9wTGoDOCbqoLQj9yJHwNsO"
}
{
  ref: ref(id = "199665350603702784", collection = ref(id = "keys")),
  ts: 1526674566735005,
  database: ref(id = "prydain", collection = ref(id = "databases")),
  role: "server",
  secret: "fnACxVqUGLACAMdiPcGMWvtTPn__pBKRjqwjkj38",
  hashed_secret: "$2a$05$bwfQwJxBr468C15NHM37KOo4krZbdvxiEXyDZ6Xll6DN5MhAjSvqa"
}
map[ref:{181388642789360128 0xc4201c3a40 <nil>} ts:1509244539905476 database:{prydain 0xc4201c3be0 <nil>} role:server secret:fnAChGwCc8ACAJ14XId4jxQlr2sn496g1J7Ysq42 hashed_secret:$2a$05$xVX/E8zRRLTPgRvVGacOJOVUDa9UdaY9wTGoDOCbqoLQj9yJHwNsO]
{
  "ref": { "@ref": "keys/181388642789360128" },
  "class": { "@ref": "keys" },
  "ts": 1509244539905476,
  "database": { "@ref": "databases/prydain" },
  "role": "server",
  "secret": "fnAChGwCc8ACAJ14XId4jxQlr2sn496g1J7Ysq42",
  "hashed_secret": "$2a$05$xVX/E8zRRLTPgRvVGacOJOVUDa9UdaY9wTGoDOCbqoLQj9yJHwNsO"
}
{
  "ref": { "@ref": "keys/181388642789360128" },
  "class": { "@ref": "keys" },
  "ts": 1509244539905476,
  "database": { "@ref": "databases/prydain" },
  "role": "server",
  "secret": "fnAChGwCc8ACAJ14XId4jxQlr2sn496g1J7Ysq42",
  "hashed_secret": "$2a$05$xVX/E8zRRLTPgRvVGacOJOVUDa9UdaY9wTGoDOCbqoLQj9yJHwNsO"
}
{ ref: Ref(id=200295040051839490, collection=Ref(id=keys)),
  ts: 1527275085327966,
  database: Ref(id=prydain, collection=Ref(id=databases)),
  role: 'server',
  secret: 'fnACx5dHGJACAvbi1rpiKJFPsvWEdwvJjmEllT1q',
  hashed_secret:
   '$2a$05$cNALKjEyHHbx5XcxdQDd1uFlg9w7ILiGCkPiOBm.GkqdRvqLYTJpe' }

Was this article helpful?

We're sorry to hear that.
Tell us how we can improve!
Visit Fauna's Discourse forums or email docs@fauna.com

Thank you for your feedback!