Authentication Key Generation#

Depending on your needs, you may require one or both of the following authentication mechanisms:

Generating a Service Account Key (SAK)#

A Service Account Key (SAK) is required specifically for authenticating with Attestation Suite cloud services.

Follow these steps to generate your SAK:

  1. Navigate to the NGC Organization page by clicking on the Organization option in the dropdown menu (as shown in the NGC Catalog Navigation section).

  2. From the left navigation panel, select “Service Keys” under the Organization section.

  3. Click the “Create Service Key” button in the top right of the Service Keys page.

  4. In the dialog that appears, provide the following information:

    • Name: Give your key a descriptive name (e.g., “AttestationSuiteKey”)

    • Description: Optional field to describe the key’s purpose (e.g., “Key for accessing Attestation Suite services”)

    • Service: Select “NVIDIA Attestation” from the available services

    • Scope: Select “All Scopes” from the available scopes

    • Entity Type: Select “All Entity” from the available entities

    • Expiration: Choose an appropriate expiration period based on your security policies

  5. Click “Next Step” and then “Confirm” to create your Service Account Key.

  6. A dialog will appear with your new key. IMPORTANT: This is the only time you will see the full key value. Copy and store it securely.

  7. Click “Close” after saving your key securely.

Create Service Key

Note: Keep your SAK confidential as it provides access to the Attestation Suite services. If your key is compromised, return to the Service Keys page to revoke it and generate a new one.

This SAK will be used to authenticate with:

  1. NVIDIA Remote Attestation Services (the remote verifier)

  2. CertZapper [OCSP] (certificate status verification)

  3. RIM Service (hosts Reference Integrity Manifests for NVIDIA hardware)

For detailed instructions on generating and managing NGC API Keys, please refer to the NGC API Keys documentation.

Generating a Personal API Key#

A Personal API Key is required for standard NGC access, including Docker client, NGC CLI, or API calls.

The general process includes:

  1. Sign in to the NGC website at https://ngc.nvidia.com/signin

  2. Click your user account icon in the top-right corner and select Setup

  3. Click “Generate API Key” from the available options

  4. On the Setup > API Keys page, click “+ Generate Personal Key”

  5. Fill in the required information, as follows:

    • Key Name: Give your key a descriptive name (e.g., “AttestationSuiteKey”)

    • Expiration: Choose an appropriate expiration period based on your security policies

    • Services Included: Select “NVIDIA Attestation” from the available services

  6. Click “Generate Personal Key”

  7. A dialog will appear with your new key. IMPORTANT: This is the only time you will see the full key value. Copy and store it securely.

  8. Click “Close” after saving your key securely.

For complete instructions with screenshots, refer to the Generating a Personal API Key section in the NGC User Guide.

On this page