Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Each KeyVersion has one of the following status values:
- Primary: This key can verify or decrypt existing data and can sign or encrypt new data.
- Active: This key can only verify or decrypt existing data.
- Inactive: This key can only verify or decrypt existing data and may be revoked at any time.
A primary key can only be demoted to an active key. An active key can be promoted to primary or made inactive. A key that is inactive can be promoted to active or removed entirely (i.e. revoked).
A key set can have at most one primary key at any time. Thus promoting an active key to be the new primary key automatically demotes the old primary key (if one exists) to an active key. Demoting a primary key has no effect on the rest of the key set. It is permissible for a key set to not have a primary key at all (e.g. a legacy key set of just active keys).
KeyStatus values are represented as the string "PRIMARY", "ACTIVE" or "INACTIVE", respectively.