[Bug] CLI key rotation leaves outdated authentication key in original profile, causing invalid_auth_key errors #17982
Description
🐛 Bug
When running the Aptos CLI to rotate account keys, the original CLI profile retains the old authentication key instead of updating to the new one. As a result, any transaction using the original profile fails with PROLOGUE_EINVALID_ACCOUNT_AUTH_KEY, even though the on-chain rotation completes successfully.
This behavior can confuse users or lock them out of their funds if they don’t realize a new profile was created.
aptos init --profile test_account --network devnet --assume-yes
aptos account fund-with-faucet --profile test_account
aptos key generate --output-file new_key.json
aptos account rotate-key --new-private-key-file new_key.json --profile test_account --save-to-profile new_profile --assume-yes
# Now compare the profiles
cat ~/.aptos/config.yaml
# Then try sending funds with both:
aptos account transfer --account <recipient> --amount 1000000 --profile test_account --assume-yes
aptos account transfer --account <recipient> --amount 1000000 --profile new_profile --assume-yesThe new_profile will works, but the test_account will fails with INVALID_AUTH_KEY
After rotating the authentication key, the CLI should: either update the existing profile with the new key, or prompt the user to replace the old key in place, or display a clear warning that the old profile is no longer valid.
.
System information
Please complete the following information:
- Aptos Core Version: latest version
- Rust Version: latest
- Computer OS: wsl,Ubuntu,debian
Additional context
Add any other context about the problem here.