Documentation
¶
Overview ¶
Package keys is the gtb-only `keys` command group. Houses subcommands for the cryptographic operations a tool author runs during release-binary signing setup: mint an OpenPGP key from an existing signer, generate a fresh keypair locally, and (in future revisions) verify, fingerprint, import-from-wkd, etc.
This package lives under `internal/cmd/` rather than `pkg/cmd/` because the commands belong to the framework author, not the framework's downstream consumers — a scaffolded `mytool` whose users build a CLI for managing customer databases has no reason to expose `mytool keys mint`.
See docs/development/specs/2026-06-08-keys-mint-command.md.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewCmdKeys ¶
NewCmdKeys returns the top-level `gtb keys` command group with its subcommands attached. Mirrors the shape of internal/cmd/generate's constructor so the gtb root can compose it the same way.
func NewCmdKeysGenerate ¶
NewCmdKeysGenerate returns the `gtb keys generate` subcommand. Generates a fresh keypair entirely in-process (no shell-out, no external dependencies) and writes both halves to disk. Used during onboarding for the rotation-authority key and the tutorial / local signing key.
func NewCmdKeysMint ¶
NewCmdKeysMint returns the `gtb keys mint` subcommand. Wraps an existing signer (KMS or local PEM file) in OpenPGP framing and writes the armored public half to a file.
func NewCmdKeysWKD ¶
NewCmdKeysWKD returns the `gtb keys wkd` subcommand. Reads one or more armored OpenPGP public keys and emits a Web Key Directory tree (per draft-koch-openpgp-webkey-service §3.1) ready to upload to a static host.
Spec: docs/development/specs/2026-06-09-keys-wkd-command.md.
Types ¶
This section is empty.
Source Files