Time-based transit key autorotation (#13691)

* Add auto_rotate_interval field to transit key creation path. * Add auto_rotate_interval field to transit key config update path. * Implement transit automatic key rotation on an hourly interval. * Fixes transit key autorotation key listing typo. * Add unit tests for transit key autorotation. * Add unit tests for transit key creation with autorotation interval. * Add unit tests for transit key config update with autorotation interval. * Document new auto_rotate_interval fields in key creation and key config update endpoints. * Add changelog for transit key autorotation. * Wrap individual transit key autorotation in a policy lock. * Add a safeguard to transit key autorotation to ensure only one execution happens simultaneously.
2025-11-02 03:27:54 +00:00 · 2022-01-20 09:10:15 -06:00
parent 4183183318
commit df217c6e2c
10 changed files with 558 additions and 5 deletions
--- a/sdk/helper/keysutil/policy.go
+++ b/sdk/helper/keysutil/policy.go
@@ -374,6 +374,10 @@ type Policy struct {
 	// policy object.
 	StoragePrefix string `json:"storage_prefix"`

+	// AutoRotateInterval defines how frequently the key should automatically
+	// rotate. Setting this to zero disables automatic rotation for the key.
+	AutoRotateInterval time.Duration `json:"auto_rotate_interval"`
+
 	// versionPrefixCache stores caches of version prefix strings and the split
 	// version template.
 	versionPrefixCache sync.Map