Identify applications utilizing PowerShell Gallery API keys and last access times

[pcgeek86]

Synopsis

I am using API keys in PowerShell Gallery to automatically publish modules from source code in GitHub. I'm using GitHub Actions as a continuous deployment system.

However, I also occasionally publish modules to PowerShell Gallery manually, from other locations. I have multiple API keys configured in PowerShell Gallery, but I don't know which API keys are being used by which applications.

Question

• How do I determine which API key is being used by a particular application?
• Is there any kind of access log that indicates which IP addresses or reverse DNS names are using a particular API key?
• How do I know the last time that an API key was actually used, and by whom?

cross-posted from: https://stackoverflow.com/questions/68926131/identify-applications-utilizing-powershell-gallery-api-keys-and-last-access-time

[StevenBucher98]

Thanks @pcgeek86! Here are our answers to your questions:

• How do I determine which API key is being used by a particular application?

When you initially create the API key you have option to specify which modules it applies to, there is no way to retrieve this information from the keys themselves.

• Is there any kind of access log that indicates which IP addresses or reverse DNS names are using a particular API key?

Simply put, no there isn't. We do not keep track of this information.

• How do I know the last time that an API key was actually used, and by whom?

We cannot figure out that information from the keys, if you suspect it is being used by someone else we suggest you deactivate that API key and create a new one.