Scoped API Keys Now Live: Secure, Fine-Grained Access Control on Runpod

Runpod has enhanced its API key management by introducing new features that offer more detailed control over API key permissions. Users can now define access by endpoint and select between read/write, read-only, or no access on a per-endpoint basis, enhancing security and control. The update also allows users to view the creation and last-used dates for API keys, and to disable or re-enable keys as needed. Existing keys remain functional without these new features unless users choose to create new ones, which will have an "rpa_" prefix. Two main permission levels are highlighted: GraphQL access, which is powerful and should be managed carefully to avoid unauthorized account activities, and endpoint access, which allows for specific key-based endpoint permissions. These changes aim to bolster account security, especially against potential misuse like unauthorized pod creation. Users are encouraged to apply the principle of least privilege when assigning access.