How To: Recover a lost Umbrella Secret Key

Objective

If you've ever lost an irretrievable key, you know how quickly blood can begin pumping through your body. This article will show you how to recover from losing your secret Application Programming Interface (API) key. This secret key displays only once when generated, and is not displayed again. If you navigate the browser away from the API key screen then you may lose that information.

Applicable Devices

• WAP125
• WAP581

Software Version

• 1.0.1

Requirements

• An active Umbrella account (Don't have one? Request a quote or start a free trial)

Help, I've lost my Secret Key!

Here's the tough news, your secret key, it's lost to the ether-net, gone. Where this turns into better news, is that the recovery process isn't all that painful. By generating a new API key, you generate a new secret key. So the recovery process involves deleting the API key associated with the lost key and generating the new API key set.

Where this guide is navigating, starts by grabbing the API key and Secret key from your Umbrella account dashboard. After, we'll log into your WAP device to add the API and Secret key. If you run into any issues, check here for documentation, and here for Umbrella Support options.

Step 1. After logging into your Umbrella Account, from the Dashboard screen click on Admin > API Keys.

Anatomy of the API Keys Screen -

1. Add API Key - Initiates the creation of a new key for use with the Umbrella API.
2. Additional Info - Slides down/up with an explainer for this screen.
3. Token Well - Contains the all keys and tokens created by this account. (Populates once a key has been created)
4. Support Documents - Links to documentation on the Umbrella site pertaining to the topics in the each section.

Step 2. Click on the Umbrella Network Devices button in the Token well.

Step 3. Select Umbrella Network Devices and then click the Create button.

Step 4. The key will be instantly deleted. Click on the Add API Key button in the upper-right hand corner, or click the Create API Key button. They both function the same.

Step 5. Select Umbrella Network Devices and then click the Create button.

Step 6. Click the Copy button to the right of your Secret Key, a pop-up notification will confirm the key is copied to your clipboard.

After you've copied the key and secret key to a safe location, click the checkbox to confirm to complete acknowledgement then click the Close button.

Step 7. Open a text editor such as notepad and paste your secret and API key into the document, label them for future reference. In this case its label is "Umbrella secret key". Include the API key with your secret key along with a short description of its use in this same text file. Then save the text file to a secure location that's easy to access later should you need.

Important Note: If you lose or accidentally delete the secret key there is no function or support number to call to retrieve this key. Keep it secret, keep it safe. If lost, you will need to delete the key and re-authorize the API key with each WAP device you wish to protect with Umbrella.

Best Practice: Keep just a single copy of this document on a device, like a USB thumb drive, inaccessible from any network.

Configuring Umbrella on your WAP Device

Now that we've created API keys within Umbrella, we'll take those keys and install them on our WAP Devices. In our case we are using a WAP581.

Step 1. After logging into your WAP Device, click on Umbrella in the sidebar menu.

Step 2. The Umbrella screen is straightforward, but there are two fields worth defining here:

• Local Domains to Bypass - This field contains your internal domains that you would like to be excluded from the Umbrella service.
• DNSCrypt - Secures the transfer of packets between the DNS client and the DNS Resolver. This feature is on by default, disabling this feature will make your network less secure.

Step 3. Paste your API and Secret Key into the corresponding fields

Step 4. Ensure the checkboxes for Enable and DNSCrypt are toggled to the check state.

Note: DNSCrypt secures DNS communication between a DNS client and a DNS resolver. Default is enabled.

Step 5. (Optional) Enter the local domains you would like Umbrella to allow through the DNS resolution process.

Note: This is required for all intranet domains and split DNS domains. If your network requires the use of local area domains for routing, you will need to contact Umbrella support to get this feature up and running. Most users will not need to use this option.

Step 6. After you are satisfied with the changes or have added your own Local Domains to Bypass, click the Save button in the upper-right hand corner.

Step 7. When the changes are complete, the field Registration Status will read "Successful".

Confirming everything is in its right place

Congratulations, you are now protected Cisco's Umbrella. Or are you? Let's be sure, Cisco has created a website dedicated to determining this as quickly as the page loads. Click here or type https://InternetBadGuys.com into the browser bar.

If Umbrella is configured correctly you will be greeted by a screen similar to this!