Changing roles after api key creation?

Is it possible to change the permissions of an API key after creation or do you have to create a new key and change all the configurations every single time you want to grant access to a new index?

There is no way to change an API key after it is created, except to invalidate it.

If you need mutable privileges, then you probably don't want to use API Keys for that.
Users and Roles have modifiable privileges and maybe better suited to the problem you are solving.