feat(ui): add zero-downtime api key rotation blog post

[analogpvt]

Adds the new blog post explaining zero-downtime API key rotation using LLM Gateway, including competitive comparisons to OpenRouter and custom visual cover art.

Summary by CodeRabbit

• Documentation
  • Published a new guide on zero-downtime API key rotation for secure LLM applications, including provider- vs gateway-based approaches, gateway “double-key roll” procedures, optional automatic expiration (TTL), and best practices for safer key management (project-specific keys, scoped access, auditing). Added a FAQ and links to get started, along with supporting compliance guidance.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5a2ea8fb-99f2-46ba-be0d-e038dc676efe

📥 Commits

Reviewing files that changed from the base of the PR and between 59f0c37 and ec33891.

⛔ Files ignored due to path filters (1)

• apps/ui/public/blog/api-key-rotation.png is excluded by !**/*.png

📒 Files selected for processing (1)

• apps/ui/src/content/blog/2026-06-18-api-key-rotation.md

✅ Files skipped from review due to trivial changes (1)

• apps/ui/src/content/blog/2026-06-18-api-key-rotation.md

---

Walkthrough

A new blog post titled "API Key Rotation - How we secure your api keys" is added. It covers rotation concepts, BYOK provider key rotation, the double-key roll pattern for gateway keys, TTL-based automatic expiration, best practices, FAQ, and a closing CTA with links to sign up and documentation.

Changes

Blog Post: API Key Rotation Guide

Layer / File(s)	Summary
Front matter, intro, and foundational concepts apps/ui/src/content/blog/2026-06-18-api-key-rotation.md	Adds post metadata (slug, date, title, categories), the opening narrative on periodic and emergency rotation, definition of API key rotation, LLM-specific security and compliance context, and a comparison table of manual provider-key rotation versus LLM Gateway rotation.
Key rotation workflows: BYOK, double-key roll, and TTL apps/ui/src/content/blog/2026-06-18-api-key-rotation.md	Documents provider key rotation via the BYOK dashboard with zero code changes, the four-step double-key roll pattern for gateway keys (create, update secrets, verify traffic, disable), and automatic key expiration via TTL with reactivation behavior.
Best practices, FAQ, and CTA apps/ui/src/content/blog/2026-06-18-api-key-rotation.md	Adds secure key management best practices (project-specific keys, IAM scoping, recurring budgets, auditing), FAQ on rotation rationale and automation, and closing CTA with links to sign up, API keys/IAM documentation, and SOC 2 Type II resources.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a blog post about zero-downtime API key rotation, which matches the PR objectives and the new blog post content.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/ui/src/content/blog/2026-06-18-api-key-rotation.md`:
- Around line 25-26: The heading "What is API Key Rotation?" currently uses
three hash marks (###) which creates an h3 heading, but this violates markdown
heading level rules since there is an h2 heading appearing later in the
document. Change the heading "What is API Key Rotation?" from three hash marks
(###) to two hash marks (##) to create an h2 heading and maintain proper heading
level incrementing in the markdown structure.
- Around line 69-73: Add a language specifier to the fenced code block
containing the ASCII diagram showing the gateway key architecture. Change the
opening backticks from ``` to ```text (or ```plaintext) to comply with the
markdown linting rule MD040 that requires language declarations for all fenced
code blocks. The diagram starts with [ Your App ] and shows the flow through the
LLM Gateway.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f6dbdb3d-1e74-46d3-b9e5-c02875ccaa2e

📥 Commits

Reviewing files that changed from the base of the PR and between 561b625 and 3194448.

⛔ Files ignored due to path filters (1)

• apps/ui/public/blog/api-key-rotation.png is excluded by !**/*.png

📒 Files selected for processing (1)

• apps/ui/src/content/blog/2026-06-18-api-key-rotation.md