With the option to expire keys, Bitbucket should also restrict re-use of the same expired keys ie deletion and re-addition.
The user can re-add his key, but it should use the original expiry date in that case.
Just store the keys in Bitbucket and maybe allow the System Administrator to cleanup expired keys older than XX days.