packagist icon indicating copy to clipboard operation
packagist copied to clipboard

Published 20 hours ago verified publisher icon composer

Regenerate API key

Open ancarda opened this issue 4 years ago • 4 comments

Is there any way to regenerate my API key? I've accidentally exposed it... thankfully it's on an unlisted / hard to find page on the Internet, but nevertheless I need to trash this one. There doesn't seem to be a way to request a new API key.

Is this supported by Packagist?

ancarda avatar Mar 27 '21 13:03 ancarda

I manually reset your API token.

Seldaek avatar Mar 27 '21 19:03 Seldaek

Thank you for resetting my key, @Seldaek!

Can this issue be re-opened as a feature request? It's great that I can ask for the key to be changed, but not so great that it took almost 6 hours for that to happen. A lot of abuse could have happened in that time period.

I noticed within minutes that the key had been printed in the CI logs, but there was nothing I could do about it. Manual revocation really should be possible.

ancarda avatar Mar 27 '21 20:03 ancarda

Fair enough, I can reopen but given the very few things that the api token allow you to do currently, I don't think this is very high prio. There is little potential for abuse AFAICT.

Seldaek avatar Mar 27 '21 20:03 Seldaek

Second this. If the API key gets compromised or leaked you'd want to be able to act quickly.

xorinzor avatar Aug 31 '23 14:08 xorinzor