Internal Tools

Five developers share one admin key. You can't tell who did what.

Admin scripts hit production with a shared API key from 1Password. No way to know who ran what. When someone leaves, nobody rotates the key.

The problem with shared admin keys

No individual accountability
Multiple developers use the same key to run scripts against production. Your logs show one API key for every admin action. When something breaks, you can't tell who did it.

Offboarding is a coordination nightmare
When a developer leaves, you should rotate the shared key. But that means updating every script, every developer's .env, and every pipeline that uses it. So nobody does it.

Auditors ask who accessed what
Compliance requires attributing actions to individuals. A shared API key makes this impossible without building a separate logging layer on top.

The solution

// Admin script — identity comes from the developer's laptop
import { amesh } from '@authmesh/sdk';

// No API key. The developer's device IS the credential.
const res = await amesh.fetch(
  'https://admin.internal/cache/purge',
  { method: 'POST', body: JSON.stringify({ pattern: 'users:*' }) }
);

console.log(`Purged: ${(await res.json()).count} keys`);

What changes

Before
Shared admin key in 1Password
"Someone ran the reset-db script"
Offboarding = rotate shared key
After
Each developer's laptop IS their identity
"Alice ran it from alice-macbook at 10:15 AM"
amesh revoke <device-id>. Others unaffected.
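
The attribution and per-device revocation contrasted above can be sketched from the server's side. This is an added example, not code from authmesh or its SDK: it assumes each laptop holds its own Ed25519 key and signs every request, and the names enroll, signRequest, handle, demo, bob-thinkpad and the timestamps are hypothetical.

```javascript
// Added example: per-device signed admin requests (assumed design, not the authmesh protocol).
const nodeCrypto = require('node:crypto');

// Enrollment: the server stores one public key per device; the private key stays on the laptop.
function enroll(registry, deviceId, owner) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  registry.set(deviceId, { owner, publicKey, revoked: false });
  return privateKey;
}

// Unambiguous byte encoding of the fields covered by the signature.
const canonical = (r) => Buffer.from(JSON.stringify([r.method, r.path, r.ts, r.body]));

// Client side: sign the request with the device key instead of attaching a shared secret.
function signRequest(deviceId, privateKey, method, path, body, ts) {
  const req = { deviceId, method, path, body, ts };
  req.sig = nodeCrypto.sign(null, canonical(req), privateKey).toString('base64');
  return req;
}

// Server side: every request, accepted or not, yields an audit entry naming device and owner.
function handle(registry, audit, req, now, maxSkewMs = 30000) {
  const dev = registry.get(req.deviceId);
  let outcome = 'ok';
  if (!dev) outcome = 'unknown-device';
  else if (dev.revoked) outcome = 'revoked';
  else if (Math.abs(now - req.ts) > maxSkewMs) outcome = 'stale'; // limits replay of captured requests
  else if (!nodeCrypto.verify(null, canonical(req), dev.publicKey, Buffer.from(req.sig, 'base64')))
    outcome = 'bad-signature';
  audit.push({ at: now, device: req.deviceId, owner: dev ? dev.owner : null,
               action: `${req.method} ${req.path}`, outcome });
  return outcome;
}

// Constructed scenario: Alice purges the cache, is offboarded, then Bob keeps working.
function demo() {
  const registry = new Map(), audit = [], t0 = 1700000000000; // constructed timestamp
  const alice = enroll(registry, 'alice-macbook', 'alice');
  const bob = enroll(registry, 'bob-thinkpad', 'bob');
  const body = JSON.stringify({ pattern: 'users:*' });
  const send = (id, key, ts) =>
    handle(registry, audit, signRequest(id, key, 'POST', '/cache/purge', body, ts), ts + 500);
  const results = [send('alice-macbook', alice, t0)];
  registry.get('alice-macbook').revoked = true; // offboarding touches one registry entry
  results.push(send('alice-macbook', alice, t0 + 1000), send('bob-thinkpad', bob, t0 + 2000));
  const forged = { ...signRequest('bob-thinkpad', bob, 'POST', '/cache/purge', body, t0), body: '{}' };
  results.push(handle(registry, audit, forged, t0)); // body changed after signing
  return { results, audit };
}
```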