---
title: Managing agent keys
summary: null
url: >-
  https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/managing-agent-keys
---

For each site (also known as workspace), the Next-Gen WAF agent has a set of keys or credentials that authorize it for the site (workspace).

- The **Agent Access Key** (`accesskeyid`) identifies the site (workspace) that the agent is configured for.
- The **Agent Secret Key** (`secretaccesskey`) authenticates and authorizes the agent.

You'll need these keys to [start](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/getting-started-with-the-agent#installing-the-agent) and [update](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/getting-started-with-the-agent#upgrading-the-agent) the agent.

## Viewing agent keys

To view the agent keys for a site (workspace), complete the following steps:

### Next Gen Waf Control Panel

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. Click **Agents** in the site navigation bar.
4. Click **View agent keys**.
5. _(Optional)_ Click **Copy** to copy the Agent Access Key (`accesskeyid`) and Agent Secret Key (`secretaccesskey`).

### Fastly Control Panel

1.   Log in to the [Fastly control panel](https://manage.fastly.com).

2.   Go to **Security** > **Next-Gen WAF** > [**Deployment**](https://manage.fastly.com/security/ngwaf/deployment).

3.   From the workspaces bar, click the menu <span class="inline-icons"><img src="/img/icons/chevron-down.png" alt="Menu icon" /></span> to the right of the workspace name and select a workspace.

4. Click **View agent keys**.
5. _(Optional)_ Click **Copy** to copy the Agent Access Key (`accesskeyid`) and Agent Secret Key (`secretaccesskey`).

## Rotating the agent keys

To rotate the agent keys for a site (workspace), use [HashiCorp Vault](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/hashicorp-vault/#rotate-agent-keys) or make the following Next-Gen WAF API calls in a terminal application:

> **IMPORTANT:** For each API endpoint step, you'll need to replace `${SIGSCI_EMAIL}` and `${SIGSCI_TOKEN}` with your email and [Next-Gen WAF API token](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf#about-api-access-tokens) and `${corpName}` and `${siteName}` with those of your corp (account) and site (workspace). You can find these values in the address of the Next-Gen WAF control panel, such as `https://dashboard.signalsciences.net/corps/${corpName}/sites/${siteName}`.

1. Call the [create agent keys](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__agentKeys_post) API endpoint.

   ```term copy nolinenums
   $ curl -X POST "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/agentKeys?pretty=true" \
   -H "x-api-user:${SIGSCI_EMAIL}" \
   -H "x-api-token:${SIGSCI_TOKEN}" \
   -H "Content-Type: application/json"
   ```

2. Call the [list agent keys](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__agentKeys_get) API endpoint and make a note of the `accessKey` value for the set that you're retiring and for the set that you just created.

   ```term copy nolinenums
   $ curl -X GET "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/agentKeys?pretty=true" \
   -H "x-api-user:${SIGSCI_EMAIL}" \
   -H "x-api-token:${SIGSCI_TOKEN}" \
   -H "Content-Type: application/json"
   ```

3. Call the [make agent keys primary](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__agentKeys__accessKey__makePrimary_post) API endpoint in a terminal application. Be sure to replace `${newAccessKey}` with the `accessKey` value from your new agent key set.

   ```term copy nolinenums
   $ curl -X POST "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/agentKeys/${newAccessKey}/makePrimary" \
   -H "x-api-user:${SIGSCI_EMAIL}" \
   -H "x-api-token:${SIGSCI_TOKEN}" \
   -H "Content-Type: application/json"
   ```

4. [Replace the old agent keys](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/installing-the-agent/#install-and-configure-the-agent-package) with the new agent keys in your agent configuration file.

5. Call the [delete agent keys](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__agentKeys__accessKey__delete) API endpoint in a terminal application to delete the old set of agent keys. Be sure to replace `${oldAccessKey}` with the `accessKey` value from the agent key set that you're retiring.

   ```term copy nolinenums
   $ curl -X DELETE "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/agentKeys/${oldAccessKey}" \
   -H "x-api-user:${SIGSCI_EMAIL}" \
   -H "x-api-token:${SIGSCI_TOKEN}" \
   -H "Content-Type: application/json"
   ```

## Related content

- [Getting started with the agent](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/agent-management/getting-started-with-the-agent)
- [Using an API with the Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf)