Currently, once configured, neither the API keys nor the TOTP secret can be changed or reset. This creates a few issues:
API keys cannot be rotated as part of normal security practices.
Compromised or accidentally exposed API keys / TOTP Secret cannot be replaced.
Users who reconfigure 2FA have no self-service option.