Status Submitted
Created by RuthvikReddy Anumasu
Created on Apr 8, 2026

API keys should route only via peered VNets rather than special public IP whitelisting

What problem are you trying to solve?

Focus on the what and why of the need you have, not the how you'd like it solved.

Atlas Administration API keys require public IP whitelisting to function. In enterprise environments running on private cloud infrastructure (e.g., AKS on Azure with VNet peering), all internal services communicate over private networks. Forcing API traffic through public IPs introduces unnecessary exposure and adds operational overhead to manage and maintain static public IP entries.

What would you like to see happen?

Describe the desired outcome or enhancement.

Allow Atlas Administration API key access to be scoped to peered VNets / private networks, so that API calls can be routed entirely over private networking without requiring a public IP in the access list. This would align API key security with how cluster connectivity already works via Private Endpoints and VNet peering.

Why is this important to you or your team?

Explain how the request adds value or solves a business need.

Our automation, tooling, and internal services run inside private AKS clusters with no stable public egress IPs. Managing public IP whitelisting for API keys is operationally fragile — public IPs change, NAT gateway IPs can rotate, and maintaining this list is a manual security risk. Private-network-only API access would significantly reduce our attack surface and simplify our security posture.

What steps, if any, are you taking today to manage this problem?

We currently whitelist the NAT gateway public egress IPs of our AKS clusters and update these entries manually when IPs change. This is error-prone and creates unplanned access disruptions when IPs rotate.