Signing URLs with tokens from a key

I’m trying to work out some backend flows to my project, and have some questions regarding the use of keys to generate tokens for signed urls.

Using ‘Option 2’ from the docs, we can generate tokens on our backend. We can generate up to 1,000 keys.

The docs also show how a key can be revoked, which invalidates all tokens created with that key.

Questions:

  1. Do keys have an expiry? (i.e. can I generate a key, then use it to generate a token n days in the future?)
  2. When a key is revoked, are all tokens invalidated immediately? (i.e., will any ‘active’ viewers currently streaming via a signed URL be immediately cut off?)
  3. Is there an upper limit to the number of tokens that a key can generate?
  4. Is the 1,000 keys (to generate tokens with) a hard limit?

Thanks in advance!