colunrn is the developer platform that gives teams complete visibility and control over every API credential in their stack.
Eliminate credential sprawl, enforce least-privilege scopes, and automate key rotation — all from a single, auditable source of truth.
1const colunrn = require('colunrn-sdk');3const key = await colunrn.keys.create({4 name: 'prod-openai-service',5 scopes: ['inference:read', 'embed:write'],6 expiresIn: '30d',7 rotateOnExpiry: true,8});10// Response11{12 id: 'key_8xQr2mN9pLvT',13 key: 'col_••••••••••••7f3a',14 scopes: ['inference:read', 'embed:write'],15 expiresAt: '2025-02-14T00:00:00Z',16 autoRotate: true,17 status: 'active',18}
Trusted by engineering teams at
colunrn gives your team precise control over the full lifecycle of every API key — from creation to retirement.
Generate scoped API keys via dashboard or REST API in milliseconds — no waiting, no manual steps. Assign granular permissions and expiry policies at creation time.
Rotate secrets without breaking production — colunrn uses atomic swap semantics so the old key stays valid until the new one is confirmed active. No race conditions, no outages.
Every read, write, and revocation event is captured, timestamped to the millisecond, and exportable as JSON or CSV. Compliance reviews become a single filtered query.
All capabilities are available across every colunrn plan — no feature gating on core security infrastructure.
Purpose-built tools for the way engineering teams actually work — audit trails, zero-downtime rotation, and a CLI that fits your pipeline.
No more spreadsheets, no more digging through secret managers across five services. colunrn aggregates every API key — development, staging, production — into a single, searchable dashboard with real-time expiry tracking.
See exactly what read, write, or webhook permissions each key holds.
Color-coded badges flag keys expiring in under 30 days — before they break production.
Find any key by name, environment, service, or status in milliseconds.
The colunrn CLI handles the entire rotation lifecycle: generates a new keypair, propagates it to all bound services, then revokes the old key — all atomically. Your application never sees an invalid credential.
New key goes live before the old one is revoked — no gap, no outage.
Node, Python, Go, and Ruby SDKs expose a single rotate() call that mirrors the CLI behavior.
Every rotation is logged with actor, timestamp, and environment for compliance and debugging.
colunrn speaks your language — literally. SDKs, strict types, idempotency, and webhooks out of the box.
Every endpoint ships with first-class TypeScript types and Python dataclasses. Zero guessing about response shapes.
Pass an Idempotency-Key header and retry safely. Duplicate network calls never create duplicate keys.
Receive real-time events on key.created, key.rotated, key.revoked, and key.expired. Stay in sync effortlessly.
Grab the full OpenAPI 3.1 spec to generate clients in any language, power your internal docs, or mock the API locally.
No hidden fees. No surprise bills. Start free, scale when you're ready.
Free
Get started with secure API key management at no cost.
Pro
Everything teams need to manage keys at scale, with confidence.
Real teams. Real key sprawl. Real relief.
"Before colunrn, our API keys were scattered across Notion docs, Slack messages, and random .env files nobody could find. One rotation took half a day. Now it's a single command and we're done in under two minutes."
"Rotation anxiety was real. Every quarter I'd lie awake wondering if we'd missed a service. colunrn's dependency graph shows exactly what touches each key — we rolled all 47 keys across prod in one afternoon without a single incident."
"Our SOC 2 audit used to mean three weeks of frantic evidence collection. colunrn generates a complete access log export in seconds. The auditor literally said 'this is the cleanest API trail I've seen in ten years.'"
"We had a contractor leave and genuinely didn't know which keys they'd used. With colunrn's per-identity scoping, their access was revoked across every integration the moment HR offboarded them. Zero follow-up tickets."
"Before colunrn, our API keys were scattered across Notion docs, Slack messages, and random .env files nobody could find. One rotation took half a day. Now it's a single command and we're done in under two minutes."
"Rotation anxiety was real. Every quarter I'd lie awake wondering if we'd missed a service. colunrn's dependency graph shows exactly what touches each key — we rolled all 47 keys across prod in one afternoon without a single incident."
"Our SOC 2 audit used to mean three weeks of frantic evidence collection. colunrn generates a complete access log export in seconds. The auditor literally said 'this is the cleanest API trail I've seen in ten years.'"
"We had a contractor leave and genuinely didn't know which keys they'd used. With colunrn's per-identity scoping, their access was revoked across every integration the moment HR offboarded them. Zero follow-up tickets."
Connect your first API key, set rotation policies, and lock down access — all in under five minutes.
No credit card required — free plan includes 3 projects & 10 keys
API keys, fully under control. Manage, rotate, audit, and secure every key across your infrastructure from one unified platform.
Get product updates, security advisories, and developer tips delivered to your inbox. No spam, unsubscribe anytime.
By subscribing you agree to our Privacy Policy.
© 2026 colunrn Inc. All rights reserved.