Comment 2 for bug 1246556

Progress report: I have now found two ways not to do it.

I think the correct approach here is to add an api end point to get the authorized keys, and then modify all the call sites.