Skip to main content

What Living Security needs

Scopes: Read access to assets and vulnerability exports Required role: Basic, Scan Operator, Standard, Scan Manager, or Administrator with API access enabled

Prerequisites

  • You must have one of the roles above in Tenable Vulnerability Management.
  • Your administrator must have enabled API access for your user account.

Part A — In Tenable Vulnerability Management

Your Tenable administrator completes these steps.
1

Navigate to API Keys

  1. Sign in to Tenable Vulnerability Management at cloud.tenable.com.
  2. Click your profile icon in the top-right corner, then select My Account.
  3. Click the API Keys tab.
2

Generate new API keys

  1. Click Generate.
Generating new keys immediately invalidates any existing keys for your account. If other applications use the current keys, update them before proceeding. Tenable API keys are account-wide — rotating keys affects all Tenable products (Vulnerability Management, Web App Scanning, Container Security).
  1. Review the warning, then click Generate to confirm.
Tenable displays the new Access key and Secret key.
3

Copy and save your keys

Copy both keys immediately and store them securely.
Tenable displays both keys only once — on the same page immediately after generation. If you close the tab without copying them, you must generate a new pair, which invalidates the current pair.
4

Identify your regional API host

Select the host that matches your Tenable environment:Enter the host only — no https:// prefix and no trailing slash.

Part B — In the Living Security Platform

The program owner completes this step, or the system admin if using delegated setup.
1
You are now connected to Tenable Vulnerability Management.

Troubleshooting

The keys are invalid or have been rotated. Generate a new key pair from My Account → API Keys.
Your user account lacks permissions to export assets or vulnerabilities. Verify:
  1. Your account has a role of Basic or higher
  2. API access is enabled for your account (ask your Tenable administrator)
API access is not enabled for your account. Contact your Tenable administrator to enable API access under your account settings.
Tenable API keys are account-wide. If another application or team member generated new keys, your existing keys are invalidated. Coordinate key rotation with other applications using the same Tenable account.
Using the wrong host causes authentication to fail. Verify:
  • US accounts use cloud.tenable.com
  • EU accounts use eu.cloud.tenable.com
  • FedRAMP accounts use fedcloud.tenable.com