Add an ability to temporarily suspend organization and client keys
The use case is primarily on hosted.
There are times when we want to "suspend" an organization or client key similar to how AWS allows you to deactive an access/secret key pair.
The idea is to be able to create a new key, use the new key while you rotate through your infrastructure but still allow for the existing key to be used.
Finally you can 'deactivate' the old key but it still exists (and see if stuff breaks).
After a burn-in period then you can delete the old key.
This helps if you want to rotate the key but need to gracefully rotate it throughout your infrastructure.
Thank you for the feedback, and sorry for the delayed response. With multi-key support this is currently possible. You can issue a new set of keys for all clients and users via the API (no direct tooling exists, but a knife script could do it).
You can also set expiration dates on keys so that they are not accepted beyond a specific date. This would meet the other part of this - setting a key to be expired would effectively disable it while keeping it in the system.