> ## Documentation Index
> Fetch the complete documentation index at: https://docs.insforge.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate anon key

> Rotate the project's opaque anon key (`anon_...`). A new key is generated and returned; the old key stays valid for the grace period (default 168 hours / 7 days, max 720) so already-deployed frontends and mobile binaries keep working while the new key ships. Admin only.



## OpenAPI

````yaml https://raw.githubusercontent.com/InsForge/InsForge/main/openapi/secrets.yaml post /api/secrets/anon-key/rotate
openapi: 3.0.3
info:
  title: Insforge Secrets API
  version: 1.0.0
  description: >-
    Secure secrets management for storing API keys, tokens, and sensitive
    configuration
servers: []
security: []
paths:
  /api/secrets/anon-key/rotate:
    post:
      tags:
        - Admin
      summary: Rotate anon key
      description: >-
        Rotate the project's opaque anon key (`anon_...`). A new key is
        generated and returned; the old key stays valid for the grace period
        (default 168 hours / 7 days, max 720) so already-deployed frontends and
        mobile binaries keep working while the new key ships. Admin only.
      requestBody:
        required: false
        content:
          application/json:
            schema:
              type: object
              properties:
                gracePeriodHours:
                  type: integer
                  minimum: 0
                  maximum: 720
                  default: 168
                  description: How long the old key remains valid after rotation
      responses:
        '200':
          description: Anon key rotated successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                  message:
                    type: string
                  anonKey:
                    type: string
                    description: The new anon key
                  oldKeyExpiresAt:
                    type: string
                    format: date-time
                    description: When the previous key stops being accepted
              example:
                success: true
                message: >-
                  Anon key rotated successfully. Old key will remain valid
                  during grace period.
                anonKey: >-
                  anon_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcd
                oldKeyExpiresAt: '2026-06-18T00:00:00.000Z'
        '400':
          description: Invalid grace period
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Forbidden - admin access required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - bearerAuth: []
components:
  schemas:
    ErrorResponse:
      type: object
      required:
        - error
        - message
        - statusCode
      properties:
        error:
          type: string
          description: Error code for programmatic handling
          example: INVALID_INPUT
        message:
          type: string
          description: Human-readable error message
          example: Invalid input data
        statusCode:
          type: integer
          description: HTTP status code
          example: 400
        nextActions:
          type: string
          description: Suggested action to resolve the error
          example: Check the request body format
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

````