feat: add keygen subcommand to the platform binary #3673

Description

@marythought

The PQC keygen (service/cmd/keygen/) is currently a standalone main package, separate from the opentdf cobra CLI. This means it's not included in the platform Docker image, and the quickstart docker-compose has to spin up a golang:1.25-alpine container, do a sparse git checkout, and go run the keygen — which is slow and creates version-mismatch risk.

Proposal: Move the keygen logic into a cobra subcommand on the existing opentdf binary, alongside start, provision, and migrate. For example:

opentdf keygen --output /keys

Benefits:

  • The keygen is always the same version as the platform binary — no format mismatches
  • The quickstart generate-pqc-keys service becomes a one-liner using the existing platform image (no Go toolchain, no git clone)
  • Faster quickstart startup
