[alias_neo]

I don't know anything about these bikes; but what is one supposed to do once they retrieve their keys? Does the app/bike provide an alternative method of presenting the key? Are keys rotated, so they need to be downloaded more than once (I assume that's that's the case since this code is intended to be run as a service, in a Docker container)? If so, what happens when their servers do shut down and there is no API?

Are people like the creator of this tool hoping for a future option to make use of the keys, and they're just being backed up for a rainy day at this point?

[rjacksonm1]

The keys in this case are used for bluetooth comms locally between somebody's device and their bike.

These are ordinarily used by the VanMoof app to unlock the bike and control the bike's settings.

There are already some third-party apps (Moofer, Mooovy) to allow alternate access to those settings – including some hidden ones.

With a few tweaks those third-party apps should be able to support direct key upload, rather than having to log in and proxy authentication through to VanMoof's API.