I’ve experienced my service account API key being deleted without explanation twice now. Looking for anyone who has encountered the same issue or any insight from the community.
Environment:
- Key type: Service account key
- Organization: Multi-member
- Plan: Non-enterprise (unable to contact support directly)
What happens:
- The service account key completely disappears — not just from the UI, but the key stops working entirely (API requests return authentication errors).
- This has happened twice so far, with no pattern I can identify.
What I’ve ruled out:
- No leak notification email from OpenAI (so this doesn’t appear to be an automated revocation due to detected exposure).
- Audit logging is enabled, but there is no
api_key.deletedevent or any related event in the audit logs around the time the key disappeared. - No other org member has reported deleting the key.
- The key was not committed to any public repository or exposed in client-side code.
What I’m looking for:
- Has anyone else experienced service account keys disappearing silently?
- Are there any known scenarios where OpenAI deletes keys without generating an audit log entry?
- Is there a way to get more information about why a key was revoked without enterprise support?
The fact that audit logs show nothing is particularly concerning — it defeats the purpose of having audit logging if key deletions can happen outside of it.
Any help or shared experiences would be greatly appreciated.