# Cryptographic Key Lifecycle
This page describes how the Identity Operations Platform manages cryptographic signing keys over time to keep signatures secure, verifiable, and operationally reliable.
## Purpose
Key lifecycle management exists to:
- limit long-term key exposure
- enforce predictable rotation
- preserve verification continuity
- remove expired key material in a controlled way
## Lifecycle States
Signing keys progress through defined lifecycle states:
| State | Meaning |
|---|---|
| Active | Key may be used for signing and verification. |
| Retired | Key is no longer used for signing but may still be used for verification until hard expiry. |
| Expired | Key is no longer valid for signing or verification. |
| Deleted | Key material is permanently removed as part of cleanup policy. |
## Rotation and Retirement
The platform rotates keys before hard expiry based on configured lifecycle intervals.
When rotation occurs:
- a new key is created
- the previous active key is marked as retired
- signing shifts to eligible active keys
This creates controlled key turnover without breaking short-term verification continuity.
## Hard Expiry and Cleanup
After the configured maximum key lifetime:
- the key is treated as expired
- it is no longer valid for signing or verification
- cleanup removes expired internal key material
This enforces a hard security boundary and prevents indefinite key reuse.
## Lifecycle Parameters
Two lifecycle controls define timing behavior:
- SIGNER_KEY_RETIRE_AFTER: scheduled retirement interval (rotation trigger)
- SIGNER_KEY_LIVETIME: maximum key lifetime (hard expiry boundary)
The retirement interval must remain smaller than the maximum lifetime to ensure safe overlap and deterministic progression.
## Priority and Eligibility
Signing uses eligible keys only. Eligibility is based on lifecycle and status conditions, and key priority is used to select preferred signing keys.
This ensures stable signing behavior during normal operation and lifecycle transitions.
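An added worked example of the rules in the Lifecycle Parameters and Priority and Eligibility sections (example code, not the Identity Operations Platform's own implementation): a small Python model that derives a key's state from its age and the two intervals, selects the signing key by priority among active keys only, lets retired keys verify until hard expiry, and removes expired material. The interval values, key identifiers and priority scheme are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed settings named after the page's two lifecycle controls:
# retire (rotate) after 30 days, hard-expire after 90 days.
SIGNER_KEY_RETIRE_AFTER = timedelta(days=30)
SIGNER_KEY_LIVETIME = timedelta(days=90)

# The retirement interval must stay below the maximum lifetime so that a
# retired key keeps verifying while its successor signs (safe overlap).
if SIGNER_KEY_RETIRE_AFTER >= SIGNER_KEY_LIVETIME:
    raise ValueError("SIGNER_KEY_RETIRE_AFTER must be smaller than SIGNER_KEY_LIVETIME")


@dataclass
class SigningKey:
    kid: str
    created: datetime
    priority: int          # assumption: lower value = preferred for signing
    deleted: bool = False  # set by cleanup once the key has expired


def state(key: SigningKey, now: datetime) -> str:
    """Derive the lifecycle state (active/retired/expired/deleted) from key age."""
    if key.deleted:
        return "deleted"
    age = now - key.created
    if age >= SIGNER_KEY_LIVETIME:
        return "expired"
    if age >= SIGNER_KEY_RETIRE_AFTER:
        return "retired"
    return "active"


def select_signing_key(keys, now):
    """Only active keys are eligible for signing; prefer priority, then newest."""
    eligible = [k for k in keys if state(k, now) == "active"]
    if not eligible:
        return None
    return min(eligible, key=lambda k: (k.priority, -k.created.timestamp()))


def needs_rotation(keys, now):
    """Rotation trigger: no eligible active signing key remains."""
    return select_signing_key(keys, now) is None


def can_verify(key, now):
    """Retired keys still verify until hard expiry; expired/deleted keys do not."""
    return state(key, now) in ("active", "retired")


def cleanup(keys, now):
    """Remove material for expired keys; returns the kids that were removed."""
    removed = [k.kid for k in keys if state(k, now) == "expired"]
    for k in keys:
        if k.kid in removed:
            k.deleted = True
    return removed
```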
## Internal vs Externally Managed Keys
The platform distinguishes between:
- internally managed key material
- externally managed key material
Internal key rotation and cleanup are automated by lifecycle policy. Externally managed key material follows external governance and is not treated as internally generated key material.
## Why This Matters for Operations and Audit
A controlled key lifecycle is essential for:
- trustworthy signature validation over time
- predictable maintenance operations
- reduced cryptographic risk
- defensible audit evidence
Without disciplined rotation and expiry controls, signature trust degrades and long-term assurance weakens.
## Customer Guidance
- Define retirement and lifetime intervals that match your risk and compliance profile.
- Monitor rotation and cleanup jobs as part of normal operations.
- Keep secure backup and recovery procedures for required verification keys.
- Review key lifecycle settings after major policy or regulatory changes.
## Related Principle
For signed audit records and non-repudiation behavior, see Audit Integrity and Non-Repudiation.
## Summary
The Identity Operations Platform key lifecycle model combines rotation, retirement, hard expiry, and cleanup to keep signature operations secure and auditable across the full operational lifecycle.