API keys

Per-organization secrets that give the SDK access to your flags. Treat them like passwords.

Creating a key

1
Go to Settings → API Keys
You'll see all active keys for your organization.
2
Click "Create key"
Give it a descriptive name like "Production" or "Staging SDK".
3
Copy the key immediately
It is shown only once. If you miss it, you'll need to create a new one.
4
Add it to your environment variables
Store it as VEXIL_API_KEY in your app's environment. Never commit it to source control.

API keys are shown in full only at creation time. Store them in a secrets manager or your deployment platform's environment variable system — not in .env files that might be committed.

Using a key in the SDK

const ff = new Vexil({
  apiKey: process.env.VEXIL_API_KEY,   // ← here
  baseUrl: 'https://your-api.example.com',
})

Revoking a key

Click Revoke next to a key to immediately invalidate it. Any SDK instance using that key will fall back to configured default values. To rotate a key safely:

Create a new key.
Update your app's environment variable to the new key and redeploy.
Revoke the old key once traffic has shifted.

← PreviousAudit log