Complete cryptographic key lifecycle management with rotation and storage.
Manage cryptographic keys throughout their entire lifecycle - generation, rotation, storage, and destruction.
- Key Generation: Generate RSA, ECDSA, AES, and other cryptographic keys
- Lifecycle Management: Track key status from generation to destruction
- Key Rotation: Automated key rotation with configurable policies
- Key Storage: Secure key storage with multiple backend support
- Policy Enforcement: Enforce key policies for compliance
- Comprehensive Reporting: Detailed lifecycle and rotation reports
git clone https://github.com/hallucinaut/keyvault.git
cd keyvault
go build -o keyvault ./cmd/keyvault
sudo mv keyvault /usr/local/bin/go install github.com/hallucinaut/keyvault/cmd/keyvault@latest# Generate a new cryptographic key
keyvault generate --algorithm rsa --key-size 2048# List all keys in vault
keyvault list# Rotate an existing key
keyvault rotate key-123# Schedule key rotation
keyvault schedule key-123 --policy policy-90-days# Check rotation schedules
keyvault check# Export a key
keyvault export key-123
# Import a key
keyvault import key.pem# Generate key vault report
keyvault reportpackage main
import (
"fmt"
"github.com/hallucinaut/keyvault/pkg/lifecycle"
"github.com/hallucinaut/keyvault/pkg/storage"
"github.com/hallucinaut/keyvault/pkg/rotation"
)
func main() {
// Create lifecycle manager
manager := lifecycle.NewKeyLifecycleManager()
// Generate key
key, err := manager.GenerateKey(lifecycle.AlgorithmRSA, 2048, []lifecycle.KeyUsage{
lifecycle.UsageEncryption, lifecycle.UsageDecryption,
})
if err != nil {
panic(err)
}
fmt.Printf("Generated key: %s\n", key.ID)
// Activate key
err = manager.ActivateKey(key.ID)
if err != nil {
panic(err)
}
// Store key
keyStorage := storage.NewKeyStorage(&storage.StorageConfig{
Backend: storage.BackendMemory,
})
metadata := storage.KeyMetadata{
ID: key.ID,
Algorithm: string(key.Algorithm),
KeySize: key.KeySize,
}
keyData, _ := manager.ExportKeyPEM(key.ID)
keyStorage.StoreKey(key.ID, keyData, metadata)
// Set up rotation
rotationManager := rotation.NewRotationManager()
rotationManager.AddPolicy(rotation.CreateDefaultPolicy())
schedule, _ := rotationManager.CreateSchedule(key.ID, "default")
fmt.Printf("Next rotation: %s\n", schedule.NextRotation.Format("2006-01-02"))
// Check rotation status
overdue := rotationManager.GetOverdueKeys()
fmt.Printf("Overdue keys: %d\n", len(overdue))
}| Algorithm | Key Sizes | Use Case |
|---|---|---|
| RSA | 2048, 3072, 4096 | Encryption, Signing |
| ECDSA | 256, 384, 521 | Signing, Key Agreement |
| AES | 128, 192, 256 | Symmetric Encryption |
| ChaCha20 | 256 | Stream Encryption |
| Ed25519 | 256 | Digital Signatures |
| State | Description |
|---|---|
| Generated | Key created but not yet active |
| Active | Key is in use |
| Deprecated | Key being phased out |
| Revoked | Key revoked due to compromise |
| Destroyed | Key securely deleted |
| Policy | Rotation Period | Max Rotations | Auto Rotate |
|---|---|---|---|
| 90 Day | 90 days | 10 | No |
| 180 Day | 180 days | 8 | Yes |
| Annual | 365 days | 5 | Yes |
keyvault/
βββ cmd/
β βββ keyvault/
β βββ main.go # CLI entry point
βββ pkg/
β βββ lifecycle/
β β βββ lifecycle.go # Key lifecycle management
β β βββ lifecycle_test.go # Unit tests
β βββ storage/
β β βββ storage.go # Key storage
β β βββ storage_test.go # Unit tests
β βββ rotation/
β βββ rotation.go # Key rotation
β βββ rotation_test.go # Unit tests
βββ README.md
# Run all tests
go test ./...
# Run with coverage
go test -cover ./...
# Run specific test
go test -v ./pkg/lifecycle -run TestGenerateKey$ keyvault generate
Generate Cryptographic Key
==========================
Available Policies:
[1] RSA 2048 Standard
ID: policy-rsa-2048
Algorithm: rsa
Key Size: 2048
Max Lifetime: 365h0m0s
Auto Rotate: false
[2] RSA 4098 High Security
ID: policy-rsa-4096
Algorithm: rsa
Key Size: 4096
Max Lifetime: 730h0m0s
Auto Rotate: true
Generating sample keys...
[1] Key Generated:
ID: key-1234567890
Algorithm: rsa
Key Size: 2048 bits
Status: generated
Created: 2024-01-15 10:30:00
Expires: 2025-01-15 10:30:00
- Key Generation: Generate secure cryptographic keys
- Key Storage: Store keys securely with encryption
- Key Rotation: Automatically rotate keys per policy
- Key Lifecycle: Track keys from creation to destruction
- Compliance: Meet regulatory key management requirements
- Use strong algorithms: Prefer RSA-4096, ECDSA-384, or AES-256
- Regular rotation: Rotate keys every 90-180 days
- Secure storage: Use HSM or encrypted storage
- Access control: Limit key access to authorized personnel
- Audit logging: Log all key operations
- Backup keys: Maintain secure key backups
- Destroy properly: Securely destroy old keys
MIT License
- Cryptographic standards bodies
- Key management community
- Security professionals
build with GPU by hallucinaut