Class: KeyManager
Defined in: src/auth/jwt/key-manager.ts:151
ES256 key manager.
Remarks
Manages ES256 (ECDSA P-256) key pairs for JWT signing. Keys are stored in Redis and support rotation with overlap.
Example
const keyManager = new KeyManager({ redis, logger });
// Get current signing key
const key = await keyManager.getCurrentKey();
// Get all valid keys for verification
const allKeys = await keyManager.getValidKeys();
// Rotate keys
await keyManager.rotateKeys();
Constructors
new KeyManager()
new KeyManager(options): KeyManager
Defined in: src/auth/jwt/key-manager.ts:171
Creates a new KeyManager.
Parameters
options
Key manager options
Returns
Methods
getCurrentKey()
getCurrentKey(): Promise<KeyPair>
Defined in: src/auth/jwt/key-manager.ts:185
Gets the current signing key.
Returns
Promise<KeyPair>
Current key pair for signing
Remarks
Creates a new key if none exists.
getJWKS()
getJWKS(): Promise<JSONWebKeySet>
Defined in: src/auth/jwt/key-manager.ts:250
Gets JWKS (JSON Web Key Set) for public key distribution.
Returns
Promise<JSONWebKeySet>
JWKS containing all valid public keys
getKey()
getKey(kid): Promise<null | KeyPair>
Defined in: src/auth/jwt/key-manager.ts:221
Gets a specific key by ID.
Parameters
kid
string
Key ID
Returns
Promise<null | KeyPair>
Key pair or null if not found
getValidKeys()
getValidKeys(): Promise<ReadonlyMap<string, KeyPair>>
Defined in: src/auth/jwt/key-manager.ts:204
Gets all valid keys for verification.
Returns
Promise<ReadonlyMap<string, KeyPair>>
Map of kid to KeyPair
Remarks
Includes current key and any keys in overlap period.
rotateKeys()
rotateKeys(): Promise<void>
Defined in: src/auth/jwt/key-manager.ts:232
Rotates keys.
Returns
Promise<void>
Remarks
Creates a new key and moves old key to overlap period.
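Added example (not part of the project's documentation or code): a self-contained in-memory model of the rotation-with-overlap behaviour described in the Remarks for getValidKeys() and rotateKeys(), showing a token signed before rotation still verifying by kid during the overlap and being rejected once the overlap ends. DemoKeyRing, signToken, verifyToken, the overlapMs parameter and the injected now clock are assumptions; the real KeyManager stores keys in Redis and its overlap duration is not stated on this page.

```typescript
import { generateKeyPairSync, sign, verify, randomUUID, KeyObject } from "node:crypto";
// Hypothetical in-memory model of rotation with overlap (not the project's KeyManager).
type Entry = { kid: string; privateKey: KeyObject; publicKey: KeyObject; expiresAt: number | null };

class DemoKeyRing {
  private current: Entry | null = null;
  private overlap: Entry[] = [];
  private overlapMs: number;
  constructor(overlapMs: number) { this.overlapMs = overlapMs; }
  getCurrentKey(): Entry { // creates a key if none exists
    if (!this.current) this.current = this.newKey();
    return this.current;
  }
  rotateKeys(now: number): void { // old key stays verifiable until the overlap ends
    if (this.current) this.overlap.push({ ...this.current, expiresAt: now + this.overlapMs });
    this.current = this.newKey();
  }
  getValidKeys(now: number): Map<string, Entry> {
    this.overlap = this.overlap.filter((k) => k.expiresAt !== null && k.expiresAt > now);
    return new Map([this.getCurrentKey(), ...this.overlap].map((k): [string, Entry] => [k.kid, k]));
  }
  private newKey(): Entry {
    const { privateKey, publicKey } = generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // P-256
    return { kid: randomUUID(), privateKey, publicKey, expiresAt: null };
  }
}

const b64 = (v: object): string => Buffer.from(JSON.stringify(v)).toString("base64url");

function signToken(ring: DemoKeyRing, claims: object): string {
  const key = ring.getCurrentKey();
  const input = `${b64({ alg: "ES256", typ: "JWT", kid: key.kid })}.${b64(claims)}`;
  // JWS ES256 uses the raw r||s signature form, not DER
  const sig = sign("sha256", Buffer.from(input), { key: key.privateKey, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

function verifyToken(ring: DemoKeyRing, token: string, now: number): boolean {
  try {
    const parts = token.split(".");
    if (parts.length !== 3) return false;
    const [h = "", p = "", s = ""] = parts;
    const header = JSON.parse(Buffer.from(h, "base64url").toString());
    // Pin the algorithm and select the key strictly by kid among currently valid keys
    if (header?.alg !== "ES256" || typeof header.kid !== "string") return false;
    const key = ring.getValidKeys(now).get(header.kid);
    return !!key && verify("sha256", Buffer.from(`${h}.${p}`), { key: key.publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  } catch { return false; }
}
```

The example checks only key selection and the signature; claim validation such as exp is left out to keep the rotation behaviour in focus.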