
Rotate API Keys Before They Burn You: Anthropic Console Now Sets Key Expiration Dates
Chris Harper
1 min read
Jul 11, 2026 · 20:04 UTC
Anthropic Console now lets you set an expiration on any API key — presets from 3 hours to 30 days, custom durations, or Never for secrets-manager-managed keys.
When creating a new key (or Admin API key) in the Claude Console, choose a lifetime: 3h, 1d, 7d, 30d, a custom duration, or Never. Existing keys are unaffected. For keys with a lifetime of at least 7 days, Anthropic emails the key creator before expiration — 7 days out for keys with a lifetime of 14 days or more; 1 day out for keys with a lifetime of at least 7 days. The Admin API's List API Keys and Get API Key endpoints now return an expires_at timestamp, so programmatic rotation pipelines can audit and pre-rotate before expiration.
Why it matters: Leaked API keys in .env files, CI config, and hardcoded strings remain one of the most common credential exposures in AI-assisted development teams. Forced key expiration enforces a rotation floor without relying on manual process — and the expires_at field makes automated key-rotation scripts straightforward to build against.