package main
// SubstrateKeyManager is the type this file reserves for a SPIRE Server
// KeyManager plugin with governance hooks.
//
// SPIRE Server delegates generation, storage and use of its SVID-signing
// keys to a KeyManager plugin. The intended behaviour of this one is:
//
//   - Key generation: conventional asymmetric key generation.
//     NOTE(review): the original header lists Ed25519/ECDSA, but as far as
//     I recall the SPIRE KeyManager plugin SDK's KeyType enum only offers
//     EC P-256/P-384 and RSA 2048/4096 — confirm Ed25519 is actually
//     requestable by the server before promising it.
//   - Key storage: in memory (lost on restart) or on the filesystem
//     (persistent). The on-disk variant holds CA private keys, so the
//     store must own file mode/ownership and whatever at-rest protection
//     the deployment requires; none of that is decided here yet.
//   - Key rotation: gated on a governance ceremony when Accord policy
//     requires one, typically quorum approval. Decide explicitly what
//     happens when the ceremony is denied or stalls (keep signing with the
//     current key vs. refuse to sign), since that is the fail-closed /
//     fail-open choice for the CA.
//   - Audit: generate/rotate/destroy events are to be merkle-anchored.
//     Anchor key IDs/fingerprints and metadata only — never private key
//     material.
//
// The governance gate exists because a CA key change affects every SVID
// issued under that key, so it is treated as a high-impact governed
// mutation rather than a routine operation.
//
// Status: this is a stub. The struct declares no fields and this file
// defines no methods on it, so none of the behaviour above is implemented
// here and, at least as far as this file shows, the type does not yet
// satisfy the plugin interface.
type SubstrateKeyManager struct {
	// TODO: fields still to add:
	//   - key store (in-memory or filesystem)
	//   - governance.Client used to gate rotation on a ceremony
	//   - config: key algorithm and rotation policy
}