Available Now: Fastly Automation Tokens
We are pleased to announce the general availability of Fastly Automation Tokens – a type of authentication token that enables non-human clients, such as continuous integration and build systems, to perform actions via the Fastly API. Fastly Automation Tokens are essentially service accounts. We have simplified the service account concept by abstracting the underlying pseudo user identity.
As Fastly Automation Tokens are not tied to human user identities, they mitigate the risk of business interruption for our customers if an individual departs their organization. The tokens also help increase your security posture, as you get the flexibility to use these tokens in accordance with the “least privilege” security principle. You can configure Fastly Automation Tokens to assign a specific role, scope and expiry period, as well as restrict access to specific services. The tokens also help with compliance as a result of accurate representation of service activity in the audit log.
Check out our User Guide and API Reference to learn how to create and manage Fastly Automation Tokens.
These tokens fulfill an important need for our customers. We received some great feedback from customers who participated in the beta program:
“I no longer have to worry about an outage due to use of the personal account token of someone who just left the company. This is a big deal!”
“The automation token beta feature has allowed our team to uncouple our automation changes from a personal user token. This is much more preferable, since it increases visibility into version history changes, eliminates the single point of failure of access to a personal token, and allows us to limit the scope of that token to just what automation needs.”
We will continue to listen to our customers and add more functionality, such as token expiry notifications and ability to create tokens through APIs regardless of the account settings, to make Fastly Automation Tokens more valuable for our customers. Going a step further, we are also looking into ways to eliminate the need for our customers to store secrets for cross platform interactions. Stay tuned!