User-created M2M applications

Hi @eff

Welcome to the Auth0 Community!

Thank you for posting your question. Unfortunately, Auth0 doesn’t offer an out-of-the-box solution for managing API keys (similar to what GitHub offers), so if that’s what you are looking for, I would encourage you to open a new thread in the Product Feedback category explaining your use case. If the thread becomes popular among other community members, our product team will evaluate the idea.

To address your current implementation with the POC, the first limitation that you can hit is the number of applications per subscription tier (Free ≤ 10, Paid ≤ 100; see https://auth0.com/docs/troubleshoot/customer-support/operational-policies/entity-limit-policy). The second thing is the mapping between the user and the application, and probably the best place for that would be a small external database table.

For the Client Secret rotation, you can use this endpoint: https://auth0.com/docs/api/management/v2/clients/post-rotate-secret

Just to set expectations—while feature requests are reviewed periodically, there’s no guaranteed timeline for when (or if) something like this would be implemented in production, as it depends on factors like demand, security implications, and broader roadmap priorities.

Thanks
Dawid
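
The user-to-application mapping table and the rotation call mentioned in the reply above, as an added example that is not part of the original post or Auth0's own code. It checks that the requesting user owns the client before building the rotate-secret request; the table layout, the tenant domain, the per-user quota and all function names are assumptions, and the request is only constructed, not sent.

```python
import sqlite3
import urllib.request

# Assumed names: the table layout, TENANT_DOMAIN and these helpers are
# illustrative; only the rotate-secret path comes from the linked endpoint docs.
TENANT_DOMAIN = "example-tenant.auth0.com"  # placeholder tenant
MAX_APPS_PER_USER = 3  # constructed quota so users cannot exhaust the tenant entity limit


def open_store():
    """Create the small external mapping table (in memory for this example)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE user_clients ("
        " user_id TEXT NOT NULL,"
        " client_id TEXT NOT NULL UNIQUE,"  # each M2M application has one owner
        " created_at TEXT DEFAULT CURRENT_TIMESTAMP)"
    )
    return db


def register_client(db, user_id, client_id):
    """Record ownership after the M2M application has been created."""
    (count,) = db.execute(
        "SELECT COUNT(*) FROM user_clients WHERE user_id = ?", (user_id,)
    ).fetchone()
    if count >= MAX_APPS_PER_USER:
        raise RuntimeError("per-user application quota reached")
    db.execute(
        "INSERT INTO user_clients (user_id, client_id) VALUES (?, ?)",
        (user_id, client_id),
    )


def build_rotation_request(db, user_id, client_id, mgmt_token):
    """Return the rotate-secret request only if user_id owns client_id."""
    row = db.execute(
        "SELECT 1 FROM user_clients WHERE user_id = ? AND client_id = ?",
        (user_id, client_id),
    ).fetchone()
    if row is None:
        # Same error for unknown and foreign clients, so IDs cannot be probed.
        raise PermissionError("client not found for this user")
    url = f"https://{TENANT_DOMAIN}/api/v2/clients/{client_id}/rotate-secret"
    return urllib.request.Request(
        url, method="POST", headers={"Authorization": f"Bearer {mgmt_token}"}
    )
```

The Management API token stays on the backend; the end user only ever supplies their own identity and the client ID they want rotated.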