// monorepo/cloud/maplefile-backend/internal/domain/crypto/domain/keys/rotation.go
package crypto
import (
"time"
"github.com/gocql/gocql"
)
// EncryptedHistoricalKey is the stored form of a key version that has been
// superseded by a rotation.
//
// The type is a plain data carrier: nothing in this declaration checks that
// Ciphertext, Nonce and Algorithm belong together, so that consistency has to
// be enforced by whatever code builds and consumes these values.
//
// NOTE(review): presumably old versions are retained so data encrypted under
// them stays readable until it is re-encrypted — confirm against the code
// that reads key history.
type EncryptedHistoricalKey struct {
	// KeyVersion is the version number of this superseded key.
	KeyVersion int `json:"key_version" bson:"key_version"`

	// Ciphertext is the key in encrypted form. It is emitted by both the JSON
	// and BSON encodings (base64 in JSON), so anything that serializes this
	// struct ships the wrapped key with it.
	Ciphertext []byte `json:"ciphertext" bson:"ciphertext"`

	// Nonce is stored next to Ciphertext.
	// NOTE(review): presumably the nonce used when this version was
	// encrypted; for AEAD schemes it must be unique per wrapping key, so a
	// rotation should generate a fresh one rather than copy it — confirm.
	Nonce []byte `json:"nonce" bson:"nonce"`

	// RotatedAt records when this version was rotated out.
	RotatedAt time.Time `json:"rotated_at" bson:"rotated_at"`

	// RotatedReason is a free-form explanation of why the rotation happened.
	RotatedReason string `json:"rotated_reason" bson:"rotated_reason"`

	// Algorithm names the algorithm used for this key version.
	// NOTE(review): it is an unconstrained string here; a reader should match
	// it against an allow-list of supported algorithms before decrypting
	// instead of trusting the stored value — confirm where that check lives.
	Algorithm string `json:"algorithm" bson:"algorithm"`
}
// KeyRotationPolicy describes the conditions under which a key should be
// rotated. It only holds the thresholds; the enforcement logic is not part
// of this declaration.
//
// NOTE(review): the meaning of a zero value in each field ("no limit" versus
// "rotate immediately") is not defined here — confirm with the enforcing
// code, because an all-zero policy is what an unset or partially decoded
// document produces.
type KeyRotationPolicy struct {
	// MaxKeyAge is the age threshold for a key. encoding/json writes a
	// time.Duration as an integer number of nanoseconds.
	MaxKeyAge time.Duration `json:"max_key_age" bson:"max_key_age"`

	// MaxKeyUsageCount is the usage threshold for a key.
	// NOTE(review): what counts as one "use" is not visible here — confirm.
	MaxKeyUsageCount int64 `json:"max_key_usage_count" bson:"max_key_usage_count"`

	// ForceRotateOnBreach flags that a breach should force a rotation.
	// NOTE(review): how a breach is signalled is not visible here — confirm.
	ForceRotateOnBreach bool `json:"force_rotate_on_breach" bson:"force_rotate_on_breach"`
}
// KeyRotationRecord is the log entry written for a single key rotation
// event: which entity's key moved from which version to which, when, by
// whom and why.
//
// NOTE(review): if these records serve as an audit trail they should be
// append-only for ordinary callers; this declaration does not enforce that —
// confirm at the storage layer.
type KeyRotationRecord struct {
	// ID identifies this record; it is stored under "_id" in BSON.
	ID gocql.UUID `bson:"_id" json:"id"`

	// EntityType is the kind of entity whose key was rotated:
	// "user", "collection", "file".
	EntityType string `bson:"entity_type" json:"entity_type"`

	// EntityID identifies the entity whose key was rotated.
	EntityID gocql.UUID `bson:"entity_id" json:"entity_id"`

	// FromVersion is the key version before the rotation.
	FromVersion int `bson:"from_version" json:"from_version"`

	// ToVersion is the key version after the rotation.
	ToVersion int `bson:"to_version" json:"to_version"`

	// RotatedAt is when the rotation took place.
	RotatedAt time.Time `bson:"rotated_at" json:"rotated_at"`

	// RotatedBy identifies who performed the rotation.
	// NOTE(review): presumably a user ID taken from the authenticated
	// session rather than from request input — confirm against the caller.
	RotatedBy gocql.UUID `bson:"rotated_by" json:"rotated_by"`

	// Reason is a free-form explanation for the rotation. It is serialized
	// with the record, so it should never carry key material or secrets.
	Reason string `bson:"reason" json:"reason"`

	// AffectedItems is a count of items touched by the rotation.
	// NOTE(review): presumably the number of items re-encrypted — confirm.
	AffectedItems int64 `bson:"affected_items" json:"affected_items"`
}