# All channels
Sachin D. Shinde@sachin-shinde
No api keys per environment in graph manager. How do you secure things?January 31, 2020 at 8:53pm (Edited 6 months ago)
In graph manager, you define a graph and can have multiple variants for different environments. While a graph can be secured by an api key, variants cannot. This means anyone on the team can see the api key for the graph and push updates to the production environment.
We are used to the practice of using different api keys to help secure different environments. We can then limit the people and processes that have access to those keys. But in graph manager, the key is there and visible to anyone with access to graph manager so this doesn't really work.
What is the best practice here for securing changes around environments/variations? How do you keep keys secure so anyone on the team can't just log onto graph manager and grab them? Especially because we want the observability that graph manager provides to the team.
January 31, 2020 at 10:43pm
February 3, 2020 at 3:18pm