API Keys

API keys are associated with accounts on a customer instance and enable API access for all licensed Tenable Vulnerability Management products. API keys interact with licensed Tenable products and customer data within an instance. You must protect these keys by storing them in a secure password vault.

API keys are scoped to the role and permissions of the user for whom they are generated. Users with the Basic, Scan Operator, Standard, Scan Manager, or Administrator role can generate their own API keys. Users with Custom Roles can be prevented from generating or updating API keys, and administrators can disable API access for any specific user who does not have the ability to manage User Access Control. Administrators can generate API keys for any user in the instance. For instructions on how to generate API keys, see the Generate API Keys documentation.

Regenerating API keys replaces any existing API keys generated for a given account. If an API key is ever exposed, regenerate the key to revoke the exposed key and obtain new credentials. Be sure to copy the access and secret keys as soon as they are generated and store them in a password vault. After you close the browser tab, you cannot retrieve the keys from Tenable Vulnerability Management.

Tenable recommends that your organization periodically rotate API keys in a manner that aligns with your organization's risk tolerance and operational requirements. Regular key rotation helps mitigate potential security risks and must be conducted as part of ongoing security hygiene practices.
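The following added example (not part of the Tenable documentation) shows one way to keep the access and secret keys out of source code and logs, and to find a hard-coded pair that would need regenerating. It assumes the `X-ApiKeys` request header format used by the Tenable API, which this page does not show; the environment variable names, the key-value pattern, and the sample text are constructed for illustration.

```python
import os
import re

# Matches accessKey=/secretKey= values as carried in the X-ApiKeys header.
# Assumption: key values are runs of 16 or more alphanumeric characters.
KEY_RE = re.compile(r"\b(accessKey|secretKey)\s*=\s*([A-Za-z0-9]{16,})")

# Constructed sample: a script with a hard-coded (fake) key pair.
SAMPLE = """\
# nightly export job
url = "https://example.invalid/scans"
headers = {"X-ApiKeys": "accessKey=aaaa1111bbbb2222cccc3333; secretKey=dddd4444eeee5555ffff6666"}
timeout = 30
"""

def load_api_keys(env=os.environ):
    """Read the key pair from variables injected by the vault; fail closed."""
    access = env.get("TENABLE_ACCESS_KEY", "")  # hypothetical variable name
    secret = env.get("TENABLE_SECRET_KEY", "")  # hypothetical variable name
    if not access or not secret:
        raise RuntimeError("API keys not provided; fetch them from the vault")
    return access, secret

def auth_header(access, secret):
    """Build the X-ApiKeys header sent with each API request."""
    return {"X-ApiKeys": f"accessKey={access}; secretKey={secret}"}

def redact(text):
    """Mask key values so a header or config line can be logged safely."""
    return KEY_RE.sub(
        lambda m: f"{m.group(1)}={m.group(2)[:4]}...[redacted]", text)

def find_exposed_keys(text):
    """Return (line number, redacted line) for each line holding a key value."""
    return [(n, redact(line.strip()))
            for n, line in enumerate(text.splitlines(), 1)
            if KEY_RE.search(line)]

if __name__ == "__main__":
    # Any hit means the pair is exposed: regenerate it and update the vault.
    for line_no, redacted in find_exposed_keys(SAMPLE):
        print(f"line {line_no}: {redacted}")
```

Any line reported by `find_exposed_keys` identifies a key pair to regenerate, since regeneration is what revokes the exposed keys.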