Update Key
Endpoint
PUT /apiops/projects/{projectName}/keys/{keyName}/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| keyName | string | Yes | Name of the key to update |
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| jwkUpdateAction | string | No | Action to take on referenced JWKs: NULLIFY (clear references) or UPDATE (re-parse and update JWKs). Defaults to NULLIFY if not provided. |
| updateScope | string | No | Scope for updating JWKs: SAME_PROJECT or ALL_PROJECTS (used when jwkUpdateAction is UPDATE) |
Request Body
The request body should contain a KeyUpdateDTO object with the following structure:
{
"name": "updated-key",
"description": "Updated key description",
"keyType": "PRIVATE_KEY",
"cryptoKeyInfoEnvironmentList": [
{
"environmentName": "production",
"content": "base64-encoded-updated-key-content",
"alias": "updated-alias"
}
]
}
Request Body Fields
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | No | Key name (can be changed) |
| description | string | No | Key description |
| keyType | string | No | Key type: SECRET_KEY, PRIVATE_KEY, or PUBLIC_KEY |
| cryptoKeyInfoEnvironmentList | array[object] | No | List of key environments |
Key Environment Object
| Field | Type | Required | Description |
|---|---|---|---|
| environmentName | string | Yes | Environment name where key will be deployed |
| content | string | Yes | Base64-encoded key content |
| alias | string | No | Key alias (optional identifier) |
Notes
- Request Format: This API uses
application/jsoncontent type. Key content must be base64-encoded and included in the JSON body (not uploaded as a file). - All fields are optional - only provided fields will be updated
namecan be changed, but must remain unique within the projectenvironmentNameis used to identify the environment (notenvironmentId)- Key content must be base64-encoded if provided
Response
Same as Create Key response format.
cURL Example
Example 1: Update Key with JWK Updates
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/keys/my-key/?jwkUpdateAction=UPDATE&updateScope=SAME_PROJECT" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "updated-key",
"description": "Updated key description",
"keyType": "PRIVATE_KEY",
"cryptoKeyInfoEnvironmentList": [
{
"environmentName": "production",
"content": "base64-encoded-updated-key-content",
"alias": "updated-alias"
}
]
}'
Example 2: Update Key and Clear JWK References
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/keys/my-key/?jwkUpdateAction=NULLIFY" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"description": "Updated description only",
"cryptoKeyInfoEnvironmentList": [
{
"environmentName": "production",
"content": "base64-encoded-updated-key-content",
"alias": "updated-alias"
}
]
}'
Example 3: Update Key Name Only
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/keys/my-key/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "new-key-name"
}'
Notes and Warnings
-
Key Name:
- Can be changed during update
- New name must be unique within the project
- If name is changed, the key will be accessible by the new name
-
Referenced JWKs:
- If
jwkUpdateAction=UPDATE, JWKs created from this key will be re-parsed and updated - If
jwkUpdateAction=NULLIFYor not provided (default), JWK references will be cleared updateScopedetermines which JWKs to update whenjwkUpdateAction=UPDATE:SAME_PROJECTorALL_PROJECTS- Default behavior (
NULLIFY) ensures JWKs don't reference deleted or updated keys
- If
-
Environment Name:
- Use
environmentName(notenvironmentId) to specify the environment - Environment name must exist and be accessible
- Use
-
Partial Updates:
- Only provided fields will be updated
- Omitted fields will remain unchanged
-
Automatic Deployment:
- Key is automatically deployed to all specified environments after update
- Deployment results are returned in the response
Permissions
User must have SECRETS + MANAGE permission in the project. For deployment operations (when deploying keys to environments), user must also have SECRETS + DEPLOY_UNDEPLOY permission.
Related Documentation
- List Keys - List all keys
- Create Key - Create a new key