> ## Documentation Index
> Fetch the complete documentation index at: https://cobo.com/developers/llms.txt
> Use this file to discover all available pages before exploring further.

# Key management

> Generate and manage API and app key pairs for authentication to the WaaS 2.0 service.

<Tip>
  Try [Cobo WaaS Skill](/v2/guides/overview/cobo-waas-skill) in your AI coding assistant (Claude Code, Cursor, etc.). Describe your needs in natural language to auto-generate production-ready SDK code and debug faster 🚀
</Tip>

This guide explains how to generate and manage API key paris and app key pairs using Cobo CLI. All keys are used for authenticating with Cobo WaaS 2.0.

## Generate keys

Use the `keys generate` command to generate a new API key pair (an API key and an API secret) or an app key pair (an app key and an app secret).

### Usage

```shell theme={null}
cobo keys generate [options]
```

### Options

* `--key-type <key_type>`: Specify the type of key to generate (`API` or `APP`). Default is `API`.
* `--alg <algorithm>`: Specify the key generation algorithm. Default is `ed25519`.
* `--force`: Force replacement of existing keys.

### Example

Generate a new API key pair:

```shell theme={null}
cobo keys generate
```

Generate a new app key pair:

```shell theme={null}
cobo keys generate --key-type APP
```

Force replacement of existing API key pair:

```shell theme={null}
cobo keys generate --force
```

## Key storage

Generated keys are securely stored in your configuration file (default: `~/.cobo/config.toml`).

<Warning>
  Never share your API secret or app secret. Keep it secure and use the API key only when registering it on Cobo Portal.
</Warning>

## Best practices

* Regularly rotate your API key pairs or app key pairs to maintain security.
* Use different keys for the development and production environments.
* Limit the permissions associated with each key to the minimum required for its intended use.
* Monitor key usage and revoke any keys that may have been compromised.