Hey everyone, I need some help regarding API key rotation.
One of our service_role keys was accidentally exposed, and we would like to regenerate both the anon and service_role keys for our project.
We already rotated the JWT secret in Auth settings, but the keys shown in Project Settings → API → Project API Keys did not change.
Could you please confirm the correct procedure to regenerate these keys? Is there a way to reset or rotate the Project API keys so that new anon and service_role keys are issued and the previous ones are revoked?
Thanks in advance!
The user exposed a service_role key and wants to regenerate both anon and service_role keys. They rotated the JWT secret but noticed the keys in Project Settings did not change. They seek confirmation on the correct procedure to regenerate these keys.
If you rotated the JWT secret then the anon and service_role keys are rotated. Are you still using the old anon and service_role keys setup or the new API keys setup which has a publishable and secret keys?