Currently, the only way to prevent an API key from being used is to delete it. However, this also deletes all audit log entries along with the key record. That's bad, because it leaves us no way to inspect what was done with the key after the fact. And, it makes it impossible to find what documents might have been affected (e.g. for a mass-revert feature). So, we need to make it hard to delete an API key (i.e. from admin panel only), and instead add a "disabled" flag that makes the system no longer honor it for auth yet keep it around for forensics and recovery. Change the UI on the key management side to "disable" rather than "delete".
Priority: -- → P3
Whiteboard: [triaged] → [points=2]
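The following is an added sketch of the behaviour the report asks for, not code from the project. The table names, column names and helper functions are assumptions, and the key and audit rows are constructed sample data. It contrasts deleting a key, which cascades to its audit entries, with disabling it, which blocks auth but keeps the trail.

```python
import sqlite3

# Hypothetical schema: audit rows reference the key and are removed with it.
SCHEMA = """
CREATE TABLE api_key (
    id INTEGER PRIMARY KEY,
    secret TEXT UNIQUE NOT NULL,   -- a real system would store a hash
    disabled INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE audit_log (
    id INTEGER PRIMARY KEY,
    key_id INTEGER NOT NULL REFERENCES api_key(id) ON DELETE CASCADE,
    action TEXT NOT NULL
);
"""
SECRET = "constructed-sample-secret"  # constructed value, not a real key

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs without this
    db.executescript(SCHEMA)
    db.execute("INSERT INTO api_key (id, secret) VALUES (1, ?)", (SECRET,))
    db.executemany("INSERT INTO audit_log (key_id, action) VALUES (1, ?)",
                   [("edit doc A",), ("edit doc B",)])
    return db

def authenticate(db, secret):
    """Return the key id only if the key exists and is not disabled."""
    row = db.execute(
        "SELECT id FROM api_key WHERE secret = ? AND disabled = 0", (secret,)
    ).fetchone()
    return row[0] if row else None

def disable_key(db, key_id):
    """Revoke the key for auth while keeping the record and its audit rows."""
    db.execute("UPDATE api_key SET disabled = 1 WHERE id = ?", (key_id,))

def delete_key(db, key_id):
    """Admin-only path: removes the key and, via cascade, its audit rows."""
    db.execute("DELETE FROM api_key WHERE id = ?", (key_id,))

def audit_entries(db, key_id):
    rows = db.execute(
        "SELECT action FROM audit_log WHERE key_id = ? ORDER BY id", (key_id,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    disable_key(db, 1)
    print(authenticate(db, SECRET), audit_entries(db, 1))
```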