🚀Launch Week 13: June 8th - 12th, 2026🚀
← Changelog

openai v5.0.3 - Admin API Key discovery fix and Rotate action removal

Jun 11, 2026GuardrailsMods

Warning

  • Removed the OpenAI > Admin API Key > Rotate action. The action was never wired to a control and the safeguards on OpenAI > Admin API Key > Delete and OpenAI > Admin API Key > Active already prevent Guardrails from stranding its own workspace connection. To rotate the calling admin key, mint a new admin key in the OpenAI Console and update the OpenAI > Config > Admin API Key connection-config policy with the new secret first; once the new key is the calling key, the old key falls through to deletion on the next Active control run.

Bug fixes

  • The OpenAI > Admin API Key > Discovery control previously discovered project API keys (sk-proj-...) as admin keys, because the OpenAI organization admin-keys endpoint returns project keys alongside genuine admin keys. This inflated and mixed the OpenAI > Admin API Key inventory in Guardrails. The control now only discovers keys whose redacted value begins with sk-admin-, so project keys are no longer surfaced as admin-key resources.
  • Discovery of paginated lists (project users, service accounts, API keys, and similar collections) no longer silently returns a partial list when a transient error interrupts pagination after the first page. Previously, a 404 or empty response received part-way through walking the pages was treated as the end of the list, so the run could quietly drop resources for that cycle with no error logged. The client now raises a retry-eligible error in this case, so the run retries and re-walks the full list instead of dropping resources.
  • The OpenAI > Project > Update Rate Limit action previously trusted OpenAI's success response as proof the update persisted. OpenAI silently no-ops the update for some (organization, model) pairs, returning success with the request body echoed but leaving the row at its tier-baseline values. The action now re-reads the project's rate limits immediately after the update and surfaces a fatal action error if the persisted values do not match the requested snapshot. CMDB is always written from the authoritative re-read, so state stays accurate even when the upstream update silently fails.

Action Types

Removed

  • OpenAI > Admin API Key > Rotate