Getting Started with Keys and Key Management in the SDK

This guide will introduce you to Grapheene Keys and how to manage them.

Keys are the set of credentials required to access the Grapheene SDK. A Key is made up of the Key Client and the Key Ring in which the Key Client is stored. The Key Ring is where both the master key and the derived keys (the pair of public and private keys for each Member of the Key Ring) are stored.

The Key Rings are stored within the Key Warden. The Key Warden supports Key Ring management: creating, naming, rotating and deleting Key Rings. This is extremely helpful when managing multiple sets of Keys.

Creating a Key Client and Key Ring

let client = await KeyClient.create({
   store: {
      file: {
         rootDir: KeyStoreDir
      }
   }
})

let ring = await client.ring.create('new')

Creating a New Key Ring

  • name: {required; string} Update this with the desired Key Ring name.
create(name: string, algo?: Algorithm): Promise<IKeyRing>

Rotating a Key Client

Caution when Rotating

This command rotates a Key Client.

await ring.rotate()

Deleting a Key Ring

Caution when Deleting

If a Key Ring is deleted, all Key Clients within that Key Ring are also deleted.

Keys cannot be restored once deleted.

Before proceeding, be sure that you have either moved your data to encryption under a different set of credentials or removed the encryption from the data.

Key Rings need to be deleted using the Key Ring name.

  • Replace ring with the name of the Key Ring you are looking to delete.
delete(name: ring): Promise<void>  
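
The precaution above, as an added example that is not part of the Grapheene SDK or its documentation: re-encrypt each record under a new key and confirm it decrypts before the old Key Ring is deleted. It uses Node's built-in crypto module with AES-256-GCM in place of SDK calls; seal, unseal, migrate, demo and the record names are hypothetical, and the sample data is constructed.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM, fresh 96-bit nonce per record. Blob layout: nonce(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Re-encrypt every record from oldKey to newKey and read each one back under newKey.
// safeToDeleteOldKey is true only when no record failed.
function migrate(store, oldKey, newKey) {
  const migrated = new Map();
  const failed = [];
  for (const [id, blob] of store) {
    try {
      const plaintext = unseal(oldKey, blob);
      const resealed = seal(newKey, plaintext);
      if (!unseal(newKey, resealed).equals(plaintext)) throw new Error('round-trip mismatch');
      migrated.set(id, resealed);
    } catch (err) {
      failed.push(id); // not migrated: investigate before deleting anything
    }
  }
  return { migrated, failed, safeToDeleteOldKey: failed.length === 0 };
}

// Constructed sample data: a clean store, then the same store with one damaged blob.
function demo() {
  const oldKey = randomBytes(32);
  const newKey = randomBytes(32);
  const store = new Map([
    ['record-1', seal(oldKey, Buffer.from('constructed record A'))],
    ['record-2', seal(oldKey, Buffer.from('constructed record B'))],
  ]);
  const clean = migrate(store, oldKey, newKey);
  const bad = Buffer.from(store.get('record-2'));
  bad[bad.length - 1] ^= 0x01; // flip one bit so authentication fails
  const damaged = new Map(store).set('record-2', bad);
  return { newKey, clean, partial: migrate(damaged, oldKey, newKey) };
}
```

Only when safeToDeleteOldKey is true for the whole data set should the delete call above be issued for the old Key Ring.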

Setting up Auto Rotation

Grapheene provides an option to set up Auto Rotation for your Key Rings.

let client = await KeyClient.create({
   store: {
      file: {
         rootDir: KeyStoreDir
      }
   }
})
let ring = await client.ring.create('new')
ring.saveConfig({
   algos: {
      [Algorithm.AES256]: {
         // X is a placeholder: replace it with your chosen value
         maxEncryptCount: X
      }
   }
})