This idea has been merged into another idea. To comment or vote on this idea, please visit DO-I-7 Restrict API personal access token to a specific project.
I'm currently setting up a wildcard Let's Encrypt cert and it needs an API key so it can do its thing with the DNS records of my domain. But to do this I need to give it access to my whole account! It goes against the most fundamental security principle - the principle of least privilege. So this feature request (I've been waiting for a few years already) is similar to DO-I-320, except that we should be able to generate project-specific API keys and I should be able to add my *domain name* to a specific *project* and then create an API key for that project only.
Ideally I'd be able to add even more fine-grained controls - e.g. only allowing that API key to mess with DNS stuff.