Trust anchors
What is missing?
allowlist match
missing
org hints
partial context
API Keys meaning layer
API key inventory should surface trust gaps, shared credential lanes, and company consequence before it behaves like a masked credential list.
Credentials are one of the clearest blast-radius surfaces in the inventory. The first read should make that consequence obvious.
1 key changes the story
Which credential lane matters most right now?
Keys seen
3
Only one is story-defining
Unknown keys
1
This is the main inventory trust break
Shared usage
NaN
One expected, one weakly explained
Immediate review value
NaN
Closing the key story clarifies much else
Meaning anchors
Why api keys matter before the raw catalog
3 anchors
Anchor | Summary | Operator note |
|---|---|---|
Credentials are trust surfaces first | The inventory page should say quickly whether a key is known, expected, shared, or weakly explained. | That is more useful than a masked prefix list. |
A single unknown key can reframe many rows | Because credentials sit above sessions and external traffic, one trust break can explain much of the dashboard story. | This is why keys deserve meaning-first treatment. |
Key detail should expose containment value | Operators should know immediately what gets clearer if the key is suspended, matched, or rotated. | That is the operational abstraction the page should add. |
Priority queue
Fastest drill paths for this entity type
Significance
Story | Summary | Why it matters |
|---|---|---|
sk-ant-...C001 | Unknown key with active usage and a direct alert relationship. | Fastest path to clarifying the current trust story. |
Shared org key | Known but broad lane. | Useful baseline and blast-radius comparison. |
Service key lane | Automation-only path with lower consequence. | Useful to separate routine from the current unknown. |
c6 reference
Raw API Key Inventory
3
1 unknown API key
sk-ant-...C001 is not in the org allowlist and has an active session.
Keys observed
3
Unknown keys
1
Immediate review
Primary org
NaN
Live unknown spend
NaN
Key prefix | Organization | Sessions | Total cost | Status |
|---|---|---|---|---|
| sk-ant-...A3F2 | qpoint-dev | 33 | $47.20 | known |
| sk-ant-...7B91 | qpoint-ci | 11 | $0.82 | known |
| sk-ant-...C001 | unknown | 1 | $0.61 | unknown |
Representative detail
sk-ant-...C001
The unknown key should read like a trust break: unclear ownership, shared reach, and immediate containment value.
Key Prefix :
sk-ant-...C001
display-safe prefix only
Organization :
unknown
Rate Limit (req) :
500 / min
Rate Limit (tokens) :
50K / min
First Seen :
today
Last Seen :
22 min ago
Credential trust map
The unknown key should be shown as a trust break that widens several adjacent stories.
credential
Use the map to connect the key to sessions, hosts, files, and outbound traffic in one operator view.
Focus
sk-ant-...C001
Unknown owner with active usage and shared scope.
trust break
Attached work
Where is it used?
1 active session
flagged now
5 recent sessions
adjacent context
Company context
Why does it matter?
auth repo path
sensitive work
.env + config
credential-adjacent files
Boundary paths
What does it unlock?
api.anthropic.com
provider traffic
secondary host
supporting path
trust level
low
linked sessions
6
containment value
high
next drill
session + file story