Skip to main content
Almanac API keys are workspace-scoped. Read-only is the default.
almanac keys create "Search service" --workspace acme
The full waka_... secret appears once. Store it in a secret manager. Later list output shows a separate API key ID and obfuscated value; deletion uses the API key ID.

Grant write access deliberately

almanac keys create "Wiki automation" --workspace acme --write
PermissionAllows
almanac:wiki:readList, search, and read wikis, pages, sources, and jobs
almanac:wikis:createCreate wikis
almanac:sources:uploadUpload source files
almanac:jobs:gardenStart Garden jobs
--write grants all four permissions. For a narrower key, repeat --permission with only the required values.

Send the bearer token

curl "$ALMANAC_API_URL/v1/me" \
  -H "Authorization: Bearer $ALMANAC_TOKEN"
Do not put keys in committed files, command examples with real secrets, client-side browser code, or screenshots. See Configuration for the supported environment variables.