Migrate from Token flow to Key flow authentication

This guide helps you migrate your STACKIT service account access tokens from Token flow to Key flow. Follow these steps to prepare for the upcoming changes and ensure your services remain secure.

Plan Your Token Migration

First, figure out where you’re using service account access tokens. This will help you plan your migration.

1. Get a complete overview of every service that uses service account access tokens.
2. Estimate the time it will take you to update each implementation.
3. Create a timeline for rolling out these changes to your production environments.

If your migration won’t be finished by December 17, 2025, you must renew your current service account access tokens by December 16, 2025, at the latest.

Update Your Authentication

Now, let’s update your authentication method.

1. Create a key for each service account if you haven’t already. Check out our guide on how to do this.
2. Choose an implementation method for each of your applications. STACKIT offers a few options:
   • CLI Application: Use the command-line tool to get a short-lived token or complete a task without writing your own code or scripts.
   • SDKs: We have SDKs for Go and Python that can help you acquire tokens programmatically.
   • Manual Implementation: If you prefer, you can manually implement token acquisition by following this guide.
3. Test your new implementation in your development and testing environments.
4. Deploy to production after your tests are successful.

Finalize the Process

Once you’ve successfully migrated everything, it’s time to clean up. Delete your long-lived service account access tokens from the STACKIT Portal.