Skip to main content

Authentication & Authorisation Mechanisms

For Data Custodians

The default mechanism for authenticating a Pod is to run the Pod and log in via the web-based Bitfount Hub app to verify your credentials. You are welcome to leave this as the default behaviour, however we have also provided an alternative mechanism in the form of API keys detailed below.

Pod API Keys

Bitfount has enabled a mechanism to ensure you are no longer required to authenticate via the online Hub each time you wish to run a Pod. Instead, each Pod is assigned a set of API keys, which are used to authenticate upon initialisation.

You can enable an API Key by going to the Hub > My Pods > API Keys tab and clicking "Add API Key". Be sure to:

  • Type the desired Pod's name correctly.
  • Copy the accessKeyID and accessKey values.

To run the Pod indefinitely using these keys, you can add them to your YAML Pod configuration file like so prior to running the Pod runner script (details on how to do the whole process can be found here):

access_key: type key here
access_key_id: id key here
pod_name: name of pod
### rest of Pod config

If you'd prefer to configure the Pod in python, you can set the access_key and access_key_id as environment variables on your machine. Then, specify these variables for the pod class using the pod_keys parameter.

In terminal:

export BITFOUNT_API_KEY="access key value"
export BITFOUNT_API_KEY_ID="id key value"

When configuring the Pod, you do not have to specify these variables once they've been stored as environment variables.

Changing & Deleting API Keys

In the event of a breach of your systems or to enable shared ownership of a Pod, you can change API keys as desired via the Pod’s “API Keys” tab within “My Pods” in Bitfount Hub.


Pods are limited to two API keys per Pod.

If you wish to use API keys for multiple Pods, you will need to specify the different API keys in different YAML files.

Pod API keys can also be used to enable you to build a network of distributed Pods with the same set of credentials. This is most typically done using Bitfount’s SDK. For more information on how to deploy Bitfount for this use case, please reach out to