Subgraph API keys have been introduced to improve security and streamline deployment pipelines by granting narrowly scoped permissions to specific subgraphs within an organization's graph, ideal for CI/CD workflows. Unlike the broader Graph API keys, which provide access to an entire federated supergraph and pose risks of unauthorized changes by different teams, subgraph keys restrict permissions to designated subgraphs, adhering to the security best practice of the "principle of least permissions." These keys are beneficial for autonomous teams managing their subgraphs, allowing them to perform necessary operations like running checks and publishing schema changes without affecting other areas. Available in GraphOS Standard and Enterprise plans, subgraph keys can be created using Rover or the Platform API, are immutable, and should be securely stored in a secret manager, facilitating safer and more controlled deployment processes.