Seq API key issues

1.4k views Asked by At

We are currently adopting Serilog & Seq - amazing products so far, by the way - and the following API key related questions arose (I think they are quite closely related and concise so I'd rather post them together):

  1. Is there any property automatically stored in the event identifying the API key?

    Our first approach is to add an applied property to each API key. Specifically, we add an "App" property containing the copy-pasted API key title applied property.

  2. Are event types global or local to each API key?

    From the documentation, I understand that the same template logged with different API keys will have the same event type - therefore being "global":

    Working with message templates is verbose though, so Seq produces a 32-bit hash of the message template and makes this available in the @EventType built-in property. (Source: official docs)

  3. Can the API key token be specified instead of being automatically generated?

    The motivation is avoiding having to update the code / configs after installing a new instance of Seq. More so when we understand that backing up is not supported when upgrading the server version:

    The version must be identical to the one used when creating the backup. (Source: official docs)

2

There are 2 answers

0
jnovo On BEST ANSWER
  1. Is there any property automatically stored in the event identifying the API key?

No, applied properties must be used.

  1. Are event types global or local to each API key?

They are global. Indeed this is useful if you have the same event template (ie. event type) across different applications (ie. API keys) so that you can filter by event type and application (using an applied property per API key such as "App").

  1. Can the API key token be specified instead of being automatically generated?

It seems that this will be possible starting with version 3.4.

3
C. Augusto Proiete On

I think you are confusing API key and Master Key, both of which are not logging concepts.

API key is what you use, from the client-side, to authenticate with Seq, so that it allows you to push logs into it.

Master key is the encryption key used, on the server-side, to encrypt the data.


So to answer your questions:

  1. Is there any property automatically stored in the event identifying the API key?

A: No... And it would be a huge security issue if the API key were ever leaked in the log message

  1. Are event types global or local to each API key?

A: Event types have no relation to API key whatsoever, so to put it on your terms: "global"

  1. Can the API key token be specified instead of being automatically generated?

A: Yes. You can generate API keys for each of your apps, and they will stay the same across upgrades