> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turen.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Registration Keys

> Generate keys to onboard new agent machines

Registration keys authorize new machines to join your organization. Keys can be configured for single or multiple registrations.

## Key Format

Registration keys use the prefix `rk_live_` followed by a random string:

```
rk_live_abc123def456...
```

## Creating a Registration Key

Registration keys are managed separately from API keys. Navigate to **Devices > Settings** (`/agent-control/settings`).

<Steps>
  <Step title="Click Create Registration Key">
    Fill in the key details:

    | Field                 | Required | Description                                                    |
    | --------------------- | -------- | -------------------------------------------------------------- |
    | **Name**              | Yes      | A descriptive name for the key (e.g., "Engineering Team Q1")   |
    | **Description**       | No       | Additional context about the key's purpose                     |
    | **Max Registrations** | No       | How many machines can use this key (leave empty for unlimited) |
    | **Expires In**        | No       | Key expiration: 7 days, 30 days, 90 days, 1 year, or Never     |
  </Step>

  <Step title="Copy the key">
    The full key is shown once. Copy it immediately: you won't be able to see it again.
  </Step>

  <Step title="Share with your team">
    Distribute the key securely to developers who need to install the agent.
  </Step>
</Steps>

<Note>
  Registration keys are managed at **Devices > Settings** (`/agent-control/settings`), not in Org Settings > API Keys. They are a separate concept from dashboard API keys.
</Note>

## How Registration Works

When a developer installs the Turen agent with a registration key:

1. The agent generates a unique machine fingerprint
2. It sends the fingerprint and registration key to the Turen API
3. The API validates the key, creates an agent record, and returns a permanent **agent secret** (`as_live_`)
4. The key's usage count is incremented
5. The agent stores the agent secret securely for future authentication

## Key Properties

| Property               | Detail                                                           |
| ---------------------- | ---------------------------------------------------------------- |
| **Configurable usage** | Set max registrations per key, or allow unlimited                |
| **Expirable**          | Keys can be configured to expire after a set period              |
| **Revocable**          | Keys can be revoked at any time to prevent further registrations |
| **Auditable**          | Key creation and usage is logged                                 |

## Managing Keys

From **Devices > Settings** (`/agent-control/settings`), you can:

* **View all keys**: See key name, description, usage count (current / max), and expiration status
* **Revoke a key**: Prevent any further registrations with this key
* **Delete a key**: Permanently remove a revoked key

<Tip>
  For large deployments, create a key with a high max registration count rather than generating individual keys for each machine.
</Tip>
