pub fn rotate_key(
alias: &str,
new_passphrase: &str,
keychain: &(dyn KeyStorage + Send + Sync),
) -> Result<(), AgentError>Expand description
Rotates the keypair for a given alias in the secure storage only.
This generates a new Ed25519 keypair, encrypts it with the new_passphrase,
and overwrites the existing entry for alias in the platform’s keychain or
secure storage. The key remains associated with the same Controller DID
as the original key.
Warning: This function does not update any corresponding identity
representation in a Git repository (e.g., changing the Controller DID stored
in an identity commit or creating a KERI rotation event). Using this function
alone may lead to inconsistencies if the identity representation relies on the
public key associated with the Controller DID. It also does not automatically
update the key loaded in the running agent; load_keys_into_agent or restarting
the agent may be required.
§Arguments
alias: The alias of the key entry in secure storage to rotate.new_passphrase: The passphrase to encrypt the new private key with.
§Returns
Ok(()) on success, or an AgentError if the alias is not found, key generation
fails, encryption fails, or storage fails.