Key rotation

Rotate publishable and secret keys without breaking live transaction evaluation.

When to rotate

  • Before production launch, after local or staging integration work.
  • After a developer, vendor, or deployment system no longer needs access.
  • After suspected exposure in logs, client code, support tickets, or CI output.
  • During planned security maintenance for production environments.

Safe rotation sequence

  • Create a replacement key in the same environment.
  • Deploy the new key to the correct server-side or client-side location.
  • Verify the new key's first use in the key inventory and the event stream.
  • Revoke the old key only after traffic has moved.
  • Watch alerts and ingestion errors after revocation.

Production caution

Revoking a production secret key immediately blocks servers that still use it from publishing transaction evidence. Use the confirmation field in the control plane as a pause point, not as the only safety control.
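
One way to script the "traffic has moved" check from the rotation sequence as a second safety control beside the confirmation field. This is an added example, not the product's own tooling. The record fields (`key_id`, `env`, `kind`, `status`, `ts`), the key ids and the one-hour quiet window are assumptions, and the sample inventory and events are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records. Field names and key ids are assumptions for
# illustration, not the product's real export schema.
INVENTORY = [
    {"key_id": "sk_old", "env": "production", "kind": "secret", "status": "active"},
    {"key_id": "sk_new", "env": "production", "kind": "secret", "status": "active"},
]
EVENTS = [
    {"key_id": "sk_old", "ts": "2024-05-01T10:00:00+00:00"},
    {"key_id": "sk_new", "ts": "2024-05-01T11:00:00+00:00"},
    {"key_id": "sk_old", "ts": "2024-05-01T11:50:00+00:00"},
    {"key_id": "sk_new", "ts": "2024-05-01T11:55:00+00:00"},
]

def revocation_blockers(old_id, new_id, inventory, events, now,
                        quiet=timedelta(hours=1)):
    """Return the reasons the old key must not be revoked yet ([] = safe)."""
    keys = {k["key_id"]: k for k in inventory}
    old, new = keys.get(old_id), keys.get(new_id)
    if old is None or new is None:
        return ["old or replacement key missing from inventory"]
    blockers = []
    # The replacement must live in the same environment and be the same type.
    if (old["env"], old["kind"]) != (new["env"], new["kind"]):
        blockers.append("replacement differs in environment or key type")
    if new["status"] != "active":
        blockers.append("replacement key is not active")
    # Latest event timestamp seen per key.
    last_seen = {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["key_id"] not in last_seen or ts > last_seen[e["key_id"]]:
            last_seen[e["key_id"]] = ts
    # First use of the new key must be visible before anything is revoked.
    if new_id not in last_seen:
        blockers.append("replacement key has no first use in the event stream")
    # Traffic has moved only once the old key has been quiet for the window.
    last_old = last_seen.get(old_id)
    if last_old is not None and now - last_old < quiet:
        blockers.append(f"old key still used at {last_old.isoformat()}")
    return blockers

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for reason in revocation_blockers("sk_old", "sk_new", INVENTORY, EVENTS, now):
        print("BLOCKED:", reason)
```

An empty result means every check passed; any entry names a server or deployment step that still has to move before the old key is revoked.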
