Create and manage Satellite keys

Microsatellites aren’t supported for organizations hosted in the EU data center.

Microsatellites require keys to authenticate and communicate with Cloud Observability. You need to create a Satellite key when you install and configure Satellites. Satellite keys expire after a year, and you’ll need to generate a new one when they do.

Only users with the Organization Admin role can generate Satellite keys.

Create Satellite keys

You need to create a Satellite key when you install and configure your Microsatellite. You can use one key for multiple Microsatellites or create separate keys. In general, we recommend using a unique key for each logical pool of Microsatellites, but not a unique key per Microsatellite instance.

To create a Satellite key:

  1. From the left-hand navigation, click Settings > Satellite keys.

  2. Click Create a satellite key.

  3. Enter a description for the key and click Create key. Use this field to describe where this key will be used or deployed (such as a pool name or a region), or other identifying characteristics. You can’t edit the description after creating the key, so if you need to change it, create a new key with the correct description and revoke the original. Key must be shorter than 64 characters.

    Your key is shown, along with the ID, expiration date, and other information. Details about the Satellite key include who created it, the description, and key value.

  4. Copy the key to your clipboard by clicking Copy & Close. You should paste it to a safe place, as you can’t view the key again later.

    This key can’t be shown again (for security purposes), so copy this key and paste it in a safe place before moving on to the next step.

  5. Paste the key as the value for the api_key configuration parameter:

    • Docker: Update the COLLECTOR_API_KEY environment variable (in a cloud-based cluster this could be a change in an AWS task definition, or in a Kubernetes configuration map) to the newly generated Satellite key. If using Docker with a config.yml file, update the api_key variable in the .yaml file.

    • Debian: Modify /etc/lightstep/collector.yaml on the machine by setting the api_key variable to the newly generated Satellite key.

    • AMI/AWS: Modify User Data in EC2 by setting the api_key environment variable to a newly generated Satellite key.

Update a Satellite key

Satellite keys expire after a year. Cloud Observability will notify you by email when the key is about to expire. If your Satellite Key is expiring soon, generate a new Satellite Key and update your Satellite configuration to continue sending data to Cloud Observability. Once you’ve updated the Microsatellite, you can revoke the previous key.

Revoke a Satellite key

You can revoke a Satellite key if needed.

To revoke a Satellite key:

  1. From the left-hand navigation, click Settings > Satellite keys.

  2. In the Satellite Keys area, find the Satellite key and click Revoke key.

    Revoking a Satellite key immediately disables your Microsatellite. It will no longer be able to communicate with Cloud Observability. Dialog states that you can't reverse this action.

See also

Install and configure Microsatellites

Updated Apr 6, 2021