Problem
SecuScan needs a production-grade improvement in this area: Vault encryption and credential lifecycle..
Scope
Add a key version field for vault entries, support decrypting old entries during rotation, provide an admin rotation command/API, and ensure failed rotations leave data untouched.
Acceptance Criteria
- The implementation is focused and does not introduce unrelated UI, docs, lockfile, or formatting churn.
- Security-sensitive behavior has explicit negative tests where applicable.
- Existing tests continue to pass, and new tests cover the main success and failure paths.
- Documentation or configuration examples are updated when operator behavior changes.
Verification
Unit tests should cover old-key decrypt, new-key encrypt, interrupted rotation rollback, and missing key errors.
Difficulty
Hard, useful issue intended for experienced contributors.
Problem
SecuScan needs a production-grade improvement in this area: Vault encryption and credential lifecycle..
Scope
Add a key version field for vault entries, support decrypting old entries during rotation, provide an admin rotation command/API, and ensure failed rotations leave data untouched.
Acceptance Criteria
Verification
Unit tests should cover old-key decrypt, new-key encrypt, interrupted rotation rollback, and missing key errors.
Difficulty
Hard, useful issue intended for experienced contributors.