Regenerate API key

[ancarda]

Is there any way to regenerate my API key? I've accidentally exposed it... thankfully it's on an unlisted / hard to find page on the Internet, but nevertheless I need to trash this one. There doesn't seem to be a way to request a new API key.

Is this supported by Packagist?

[Seldaek]

I manually reset your API token.

[ancarda]

Thank you for resetting my key, @Seldaek!

Can this issue be re-opened as a feature request? It's great that I can ask for the key to be changed, but not so great that it took almost 6 hours for that to happen. A lot of abuse could have happened in that time period.

I noticed within minutes that the key had been printed in the CI logs, but there was nothing I could do about it. Manual revocation really should be possible.

[Seldaek]

Fair enough, I can reopen but given the very few things that the api token allow you to do currently, I don't think this is very high prio. There is little potential for abuse AFAICT.

[xorinzor]

Second this. If the API key gets compromised or leaked you'd want to be able to act quickly.