There's no built in key rotation feature. If you think that'd be valuable, please open an GitHub issue outlining the use case.

You can use the keys api: to create a new key. You can then use either the application or tenant APIs to update the signing key. Update the value of the ....jwtConfiguration.accessTokenKeyId key.