I was wondering if it is possible for the administrator to periodically remove all personal API keys.
In the documentation, I did find that it's possible to create personal API keys, but no function to reference or delete them.
It would be good to understand a little the requirements behind this since these are user credentials and users can either regenerate such keys at any time.
This would help us in understanding the need for such functionality and highlight to the product team.
My collegue @antonstam also asked this question yesterday. (https://community.dataiku.com/t5/Setup-Configuration/API-key-lifespan/m-p/7147).
Because of security reasons we don't want users to generate personal API keys which last forever. We would like to limit the existence of these kinds of keys for just a few days.
Unfortunately, as you have pointed out, it's not possible to delete personal API keys programmatically right now via the python API (as only the "create_personal_api_key" method exists currently). If you wish to do this using python code, our recommendation remains the same from the other thread. You would need to write your own custom code or script to modify the config/personal-apikeys.json file directly.
As an aside, the ability to add expiration to personal API keys is an existing enhancement request that's already been captured and undergoing review in our backlog.