Driver

Machine Identities

Machine identities let CI/CD pipelines, automated workflows, and shared environments access Driver without tying access to a specific user account. Machines authenticate with API keys instead of browser-based OAuth.

Managing machine identities requires the Org Admin role. Navigate to Settings > Machines to get started.

Creating a machine identity

1. Open the machines page

Go to Settings > Machines in the Driver web app.

2. Click Create Machine

Enter a name (must be unique within your organization), an optional description, and select an expiration period: 30 days, 90 days, 6 months, 1 year, or never.

3. Copy the API key

The full API key is displayed once. Copy it and store it securely. After you close this dialog, only the key prefix (e.g., drvm_Ab3xK7...) is visible. The full key cannot be retrieved again.

The API key is shown exactly once at creation. If you lose it, you must regenerate the key, which invalidates the old one.

Using the API key

Machine API keys start with the drvm_ prefix. Use the key in the Authorization header when connecting to Driver's MCP server:

bash
Authorization: Bearer drvm_your_api_key_here

For MCP client configuration, add the key to the headers:

json
{
  "mcpServers": {
    "driver-mcp": {
      "type": "http",
      "url": "https://api.us1.driverai.com/mcp/v1",
      "headers": {
        "Authorization": "Bearer drvm_your_api_key_here"
      }
    }
  }
}

The URL above is for Driver's shared multi-tenant environment. If your organization uses a single-tenant deployment, your URL will follow the format https://api.<tenant>.driverai.com/mcp/v1. Check with your Driver admin for the correct URL.

Driver's MCP server detects the drvm_ prefix and routes to API key authentication automatically. No OAuth flow is required.

Managing access

Machines access sources through two paths:

Direct source assignment

Assign a machine directly to specific sources with a role:

  • Source Admin: full control over the source
  • Source Member: read access to the source content

Go to the machine's Sources tab to add, update, or remove direct source assignments.

Team membership

Add a machine to a team. The machine inherits access to all sources assigned to that team. Go to the machine's Teams tab to manage team assignments.

The machine's effective role for any source is the highest role from all grants (direct and team-inherited). Source Admin takes priority over Source Member.

Machines do not receive organization-wide grants. A machine can only access sources that are explicitly assigned to it, either directly or through a team. This is different from users, who may inherit org-wide source access.
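
The role resolution described above, as an added example (not Driver's code or API): it models grants as plain dictionaries, computes a machine's effective role per source, and lists sources where Source Admin comes only from team membership. The function names, data layout, and sample machine, teams and sources are assumptions constructed for illustration.

```python
from enum import IntEnum

class Role(IntEnum):
    # Ordered so a plain comparison picks the higher role.
    SOURCE_MEMBER = 1
    SOURCE_ADMIN = 2

def effective_roles(direct, team_names, team_grants):
    """Return {source: (role, origins)} for one machine.

    direct      -- {source: Role} from the machine's Sources tab
    team_names  -- teams the machine belongs to
    team_grants -- {team: {source: Role}} sources assigned to each team
    Org-wide grants are not an input: machines never receive them.
    """
    grants = [(src, role, "direct") for src, role in direct.items()]
    for team in team_names:
        for src, role in team_grants.get(team, {}).items():
            grants.append((src, role, f"team:{team}"))
    resolved = {}
    for src, role, origin in grants:
        best, origins = resolved.get(src, (role, []))
        if role > best:          # a higher grant replaces the lower ones
            best, origins = role, []
        if role == best:         # remember every grant giving the top role
            origins = origins + [origin]
        resolved[src] = (best, sorted(origins))
    return resolved

def admin_only_via_team(resolved, direct):
    """Sources where the machine is Source Admin solely through a team."""
    return sorted(src for src, (role, _) in resolved.items()
                  if role == Role.SOURCE_ADMIN
                  and direct.get(src) != Role.SOURCE_ADMIN)

# Constructed sample data: hypothetical machine, teams and sources.
DIRECT = {"billing-service": Role.SOURCE_MEMBER}
TEAMS = ["platform"]
TEAM_GRANTS = {
    "platform": {"billing-service": Role.SOURCE_ADMIN,
                 "infra-modules": Role.SOURCE_MEMBER},
    "data": {"warehouse-etl": Role.SOURCE_ADMIN},  # machine is not on this team
}

if __name__ == "__main__":
    resolved = effective_roles(DIRECT, TEAMS, TEAM_GRANTS)
    for src, (role, origins) in sorted(resolved.items()):
        print(f"{src}: {role.name} via {', '.join(origins)}")
    print("Source Admin only via team:", admin_only_via_team(resolved, DIRECT))
```

Sources listed by admin_only_via_team are the ones to check when reviewing a machine for least privilege, since the direct assignment alone understates what the key can do.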

Key lifecycle

Expiration

Keys can be set to expire after 30 days, 90 days, 6 months, 1 year, or never. Expired keys stop working immediately. The machine's overview page shows the expiration date and current status.

Regeneration

To rotate a key, click Regenerate Key on the machine's overview page. You can choose a new expiration period. The old key is invalidated immediately. Any system using the old key loses access and must be updated with the new key.

Monitoring usage

The Last Used field on the machine overview shows when the key was last used to authenticate. Use this to identify inactive machines or verify that automation is working.

Deleting a machine

Deleting a machine removes its API key, all team memberships, and all source access grants. Any pipeline or workflow using the key stops working immediately.

Go to the machine's Settings tab and click Delete Machine in the danger zone.