Skip to content

feat: add key autorotate policy#900

Open
Manuthor wants to merge 6 commits into
developfrom
feat/key_autorotate_policy
Open

feat: add key autorotate policy#900
Manuthor wants to merge 6 commits into
developfrom
feat/key_autorotate_policy

Conversation

@Manuthor
Copy link
Copy Markdown
Contributor

@Manuthor Manuthor commented Apr 3, 2026
edited
Loading

Key Auto-Rotation (Scheduled / Policy-Driven)

  • KMIP link chain: ReKey links old and new keys via ReplacementObjectLink / ReplacedObjectLink (#859).
  • Auto-rotation background task: run_auto_rotation() scans all objects due for rotation and rotates them automatically; supports SymmetricKey (ReKey), Certificate (Certify upsert), and PrivateKey/PublicKey (RSA/EC/PQC key pairs).
  • Policy inheritance: new key inherits rotate_interval, rotate_name, rotate_offset from the old key; old key gets rotate_interval = 0 to prevent re-rotation.
  • Rotation lineage in key names: user-defined UIDs produce "toto_<uuid>" children; UUID suffix stripped on subsequent rotations.
  • Certificate renewal: creates entirely new objects (cert + key pair) with ReplacementObjectLink/ReplacedObjectLink; serial number mixed with timestamp to guarantee unique DER bytes per RFC 5280.
  • CLI: sym keys set-rotation-policy sub-command; --rotate-interval/--rotate-name/--rotate-offset flags on all create commands; re-key sub-commands for RSA, EC, PQC.
  • Web UI: Re-Key pages for all key types; Auto Rotation Policy panel in all Create and Certificate Certify forms; inline Auto-Rotate button in the Locate table.
  • Server flag: --auto-rotation-check-interval-secs to configure the background cron interval.

Renewal Notification System

  • NotificationsStore trait: backed by SQLite, PostgreSQL, MySQL (notifications table); Redis uses a no-op store.
  • dispatch_renewal_warnings: scans objects approaching rotation deadline, creates DB notifications, and sends e-mails via optional SMTP notifier (no feature flag — controlled by KMS_SMTP_HOST).
  • HTTP routes: GET /api/notifications, GET /api/notifications/count-unread, POST /api/notifications/{id}/read, POST /api/notifications/read-all.
  • Web UI: NotificationBell in header with live unread badge and inline Popover; full list at /notifications.
  • Security: SmtpConfig::Debug redacts the SMTP password with <redacted>.

Closes #859

@Manuthor Manuthor force-pushed the feat/key_autorotate_policy branch 6 times, most recently from ef7ba40 to 8e7485d Compare April 8, 2026 11:46
@Manuthor Manuthor marked this pull request as ready for review April 10, 2026 20:50
@Manuthor Manuthor force-pushed the feat/key_autorotate_policy branch 4 times, most recently from 948fe9f to 114b984 Compare April 16, 2026 22:12
HatemMn
HatemMn reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@HatemMn HatemMn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Partial review only,

UI review will follow soon

As a general comment, some clippy allow might be omitted or if they are necessary is it possible to pls add a comment in from of them to explain "why" ? (otherwise they will be catched at later works)

Image

Comment thread crate/server/src/core/operations/auto_rotate.rs
Comment thread crate/server/src/core/operations/auto_rotate.rs
Comment thread crate/server/src/core/operations/auto_rotate.rs
Comment thread crate/server/src/core/operations/auto_rotate.rs
Comment thread crate/server/src/notifications/email.rs
HatemMn
HatemMn reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@HatemMn HatemMn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than than those comments amazing work, looks good and working well !

Comment thread ui/src/pages/NotificationsPage.tsx
Comment thread ui/src/pages/NotificationsPage.tsx
Comment thread ui/src/SymKeysReKey.tsx
Comment thread ui/src/actions/Keys/SetRotationPolicy.tsx
HatemMn
HatemMn approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@HatemMn HatemMn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@Manuthor Manuthor force-pushed the feat/key_autorotate_policy branch from 065a9a4 to 7c3c6e7 Compare April 18, 2026 22:22
@Manuthor Manuthor force-pushed the feat/key_autorotate_policy branch from 3cc9c88 to f87b359 Compare May 6, 2026 14:30
@Manuthor Manuthor force-pushed the feat/key_autorotate_policy branch from b38c497 to 76d0a51 Compare May 7, 2026 12:22
@Manuthor Manuthor force-pushed the feat/key_autorotate_policy branch from 76d0a51 to 348d562 Compare May 7, 2026 12:23
github-actions Bot and others added 4 commits May 7, 2026 12:52
@github-actions
build: update Nix vendor hashes (macOS)
561947b
@Manuthor
fix: wip
fde611a
@Manuthor
fix: allow sub-day rotate_interval in test builds
c558d73 
The validation enforcing rotate_interval >= 86400 was guarded only by
#[cfg(not(feature = "insecure"))], but Nix CI builds tests without
the insecure feature, causing all rekey_rotation_tests to fail with
"rotate_interval must be 0 (disabled) or at least 86400 (1 day)".

Guard with #[cfg(not(any(feature = "insecure", test)))] so unit-test
builds (which always set cfg(test)) can use small intervals for fast
lifecycle tests, while production builds still enforce the 1-day floor.
@github-actions
build: update Nix vendor hashes (Linux)
51ce8a0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HatemMn HatemMn HatemMn approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Scheduled / policy-driven key auto-rotation

2 participants

@Manuthor @HatemMn