User Roles - Assign Specific Variant to an API Key

[setchy]

As originally being discussed in issue #10, it would be great as an administrator of Apollo Studio to have the ability to assign a specific graph variant to each API Key.

This would allow us to have an API Key dedicated for each environment/variant, which is common policy in most corporate organizations around secrets management, and would ensure that graph operations (ie: schema push) is limited to the specific varianet

[ndintenfass]

Thanks for posting this @setchy -- Have you looked at the new Protected Variants feature? https://www.apollographql.com/docs/studio/org/graphs/#protected-variants-enterprise-only

We are definitely aware of the desire to limit API keys to specific variants, but we are finding that Protected Variants are a good alternative approach for most use cases. I'd be interested to hear if that does or doesn't solve your acute needs.

[setchy]

Thanks @ndintenfass - we are using the Protected Variants feature already. That said, it doesn't cover our API Key Management concerns around dedicated keys per environment, key rotation being limited to a graph+variant combination and eliminate any chance of incorrectly influencing change to the wrong graph variant through misconfiguration of the cli (both from local dev environments, CI/CD tooling and finally deployed running instances)

[ndintenfass]

Thanks for the detail @setchy - I will leave this issue open. This isn't yet on any of our teams' roadmaps, so I don't want to set false expectations at this time, but it's on our radar for future enhancements, and this is a good place to gather more feedback...