34 lines
1.6 KiB
Markdown
34 lines
1.6 KiB
Markdown
# Key Rotation CLI
|
|
|
|
## Module
|
|
Cli
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
Comprehensive key rotation lifecycle: list keys (with include-revoked filtering), add, revoke, rotate, check status, view history, and verify validity.
|
|
|
|
## Implementation Details
|
|
- **Command Group**: `src/Cli/StellaOps.Cli/Commands/KeysCommandGroup.cs` -- `KeysCommandGroup` for `stella keys` commands
|
|
- **Key Rotation**: `src/Cli/StellaOps.Cli/Commands/Proof/KeyRotationCommandGroup.cs` -- key rotation operations
|
|
- **Issuer Keys**: `src/Cli/StellaOps.Cli/Commands/IssuerKeysCommandGroup.cs` -- issuer key management
|
|
- **Commands**:
|
|
- `stella keys list` -- list signing keys. Options: `--include-revoked`
|
|
- `stella keys add --algorithm <alg> --label <label>` -- add a new signing key
|
|
- `stella keys revoke <key-id>` -- revoke a signing key
|
|
- `stella keys rotate` -- rotate to a new active key
|
|
- `stella keys status` -- check key status and validity
|
|
- `stella keys history` -- view key rotation history
|
|
- `stella keys verify <key-id>` -- verify key validity
|
|
|
|
## E2E Test Plan
|
|
- [ ] Run `stella keys list` and verify active keys displayed
|
|
- [ ] Run `stella keys list --include-revoked` and verify revoked keys also shown
|
|
- [ ] Run `stella keys add --algorithm ecdsa-sha256 --label "production-2024"` and verify key added
|
|
- [ ] Run `stella keys revoke <id>` and verify key revoked
|
|
- [ ] Run `stella keys rotate` and verify new active key generated
|
|
- [ ] Run `stella keys status` and verify key validity status
|
|
- [ ] Run `stella keys history` and verify rotation history timeline
|
|
- [ ] Run `stella keys verify <id>` and verify key validity check
|