// Substrate KeyManager — SPIRE KeyManager plugin.
//
// Runs in SPIRE Server. Manages signing keys with governance-aware rotation.
// Key rotation events require ceremony approval when the Accord policy demands it,
// ensuring that CA key changes are governed mutations.
package main
import (
"fmt"
"os"
)
// main is a placeholder entry point for the substrate-keymanager plugin.
//
// No KeyManager functionality exists yet: the process writes a notice to
// stderr and exits with status 1, so starting this binary never looks like a
// working key manager.
//
// TODO: wire up go-plugin serve with the SPIRE KeyManager interface.
// The plugin will:
//  1. Generate and store signing keys (Ed25519 for SSH, ECDSA for X.509).
//  2. Provide signing operations to SPIRE Server.
//  3. On key rotation: create a governance intent and await ceremony approval.
//  4. Submit key rotation events to NotaryService for merkle anchoring.
//
// NOTE(review): steps 3 and 4 are the governance-critical path. When they are
// implemented, a rotation whose approval is denied or never arrives should
// presumably leave the current key in place rather than proceed — confirm
// against the Accord policy design. How private key material from step 1 is
// stored and protected at rest is not specified here and needs a decision.
func main() {
	const notice = "substrate-keymanager: SPIRE KeyManager plugin (not yet implemented)"

	// The notice goes to stderr and the exit status is non-zero, so the caller
	// sees a failed start instead of a silently inert plugin.
	fmt.Fprintln(os.Stderr, notice)
	os.Exit(1)
}