Render API keys / tokens are not per-workspace or per-org, and has access to all workspaces that I have.

Vanta, one of the most common SOC 2 compliance vendor, requires Render API key for integration, and this limitation complicates as we don't want to provide a personal API key that can access to a lot more external organizations and workspaces.