Update api-key.mdx

[SU-Cloudsmith]

Added a script for rotating keys from Slack conversation: https://cloudsmith-io.slack.com/archives/C09FGB58GGP/p1760016902086189?thread_ts=1760015830.183479&cid=C09FGB58GGP

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
cloudsmith-docs	Ready	Preview, Comment	Jan 20, 2026 1:44pm

[aptkingston]

We need to strip the double quotes from the new token, as running jq '.data.key' will return "mytoken" (literally including the double qutoes). When we then export this to our env it'll still persist these quotes, so the token is invalid, and means the whoami will fail.

We need the -r flag for raw output, so it should be jq -r '.data.key'

One other suggestion might just be to add set -Eeuo pipefail at the top of the script to ensure we abort execution in the event something fails, rather than continuing to try the next commands.

Maybe worth mentioning that normal users will need to use cloudsmith login instead of cloudsmith auth? I know you already say that this uses SSO to login, but might be nice to mention that non-SAML users can still do this programmatically as long as they authenticate differently.

[paulmay-cloudsmith]

Can we please, never user the term "webapp".