PureKit
This guide shows how to manage your Virgil PureKit credentials using Virgil CLI.
Virgil CLI allows you to execute only the offline commands related to Pure. Use Pure CLI for online commands.
Generate all PureKit keys
This command is used to generate all Pure key pairs for an application:
$ virgil purekit keygen all
Example: Alice has created her application and wants to initialize PureKit in it. Therefore, she generates all the required keys with the CLI:
> virgil purekit keygen all
----------------------------------------------------------------------------------
Backup keypair - is used to decrypt any data in case of some failure
Backup Public key: BU.MCowBQYDK2VwAyEAm...fKqPmuPMtzPW4=
Backup Private key (must be placed in some cold storage (HSM or safe)): MDACAQAwBwYDK2VwB...+m7yJnxNhlM58XvbzOjrY=
==================================================================================
NM.UVZ5Tdzwz12zV34...VJcSyGb4mVZruU=
==================================================================================
SK.1.DbqoNjDeUE...+kY3hlLb4jmOzg=.OYqXMAS3q7HPYGd...YxuHDaHVMPg=.bcC6y8oI6Ddz6EsoWb...DoYu23boqE=
----------------------------------------------------------------------------------
All Keys successfully generated.
Generate a Secret key
This command is used to generate a new Secret key for an application:
$ virgil purekit keygen secret
New secret key:
SK.1.YyQVqDCjDJq6Zx1+...jr245EgRGRr1Nv6r5QAPvzU0QPQ=
App Secret Key successfully created.
Generate an Auth key
This command is used to generate a new Auth key for an application:
$ virgil purekit keygen auth
Example: Alice generates an Auth key for her Pure application:
> virgil purekit keygen auth
o9Hu6YfhDiaOr2Bi31Xt.....YA8aOoU4rh7Z+t5O8=
Auth Key successfully created.
Generate a Backup key pair
This command is used to generate a Backup key pair for an application:
$ virgil purekit keygen backup
Example: Alice generates a Backup key pair separately:
> virgil purekit keygen backup
Backup keypair - is used to decrypt any data in case of some failure
Backup Public key: BU.MCowBQYDK2VwAyEANp/pRgiQD2B...ACPan15kaE8syy/ZJ8GvEZO025BHg=
Backup Private key (Must be placed in some cold storage (HSM or safe)): MDACAQAwBwYDK2Vw...FWwFvi2Ylz6y5tciZxSE=
Backup keypair successfully generated.
Generate a Virgil Storage key pair
This command is used to generate a Virgil Storage key pair for an application:
$ virgil purekit keygen signing
Example: Alice generates a Virgil Storage key pair for her Pure application:
> virgil purekit keygen signing
VSSK.MDACAQAwBwYDK2..5Js0uiuVYNzr3tO6IemZVSU8xcgZqo8I=
VSPK.MCowBQYDK2VwAy...Frl8ECUs2HUTloo3v8icGu4JxzdaKE=
Storage Keypair successfully generated.
Generate Own Signing Key
This command is used to generate an Own Signing key for an application:
$ virgil purekit keygen own
Example: Alice generates an Own Signing key for her Pure application:
> virgil purekit keygen own
OSSK.MDACAQAwBwY...6bksSa7klSMHKaei1EXNMZvXo6dWesIpaoA=
OSPK.MCowBQYDK2...8M+AaBqYXrWPK4y5U2yMzGQd6+wE5YgU=
Own Signing Keypair successfully generated.
Generate Non-Rotatable Master Secret key
This command is used to generate a new Non-Rotatable Master Secret key:
$ virgil purekit keygen nonrotable-master
Example: Alice generates a Non-Rotatable Master Secret key separately:
> virgil purekit keygen nonrotable-master
NM.YsjOH1IRLaH3OdFSUZ...cpq3yrwZhdxOdqaRpXc494=
Non-Rotatable secret Key succcessfully generated.
Update keys
This command is used to update the Secret key and Service Public key of a Pure application if your database has been compromised or you need to carry out regular rotation of keys and records:
$ virgil purekit update-keys <Service Public Key> <Secret Key> <Update Token>
You can get your Update Token at Virgil Dashboard by clicking the "BEGIN ROTATION PROCESS" button on your application page.
Example: Alice needs to update her PureKit application keys.
Firstly, she navigates to Virgil Dashboard and clicks the "BEGIN ROTATION PROCESS" button. As a result, she gets an Update Token.
Secondly, she uses the update-keys command to get her new Secret key and Service Public key:
> virgil purekit update-keys PK.1.BFGA3bGvIT...ZBPI4eaISBXi+sA= SK.1.aob9fNEq6...UqCD/wUPvOzfE= UT.2.CiD6g/LR.../3qy7qFPh4XEp0Q=
New service public key:
PK.2.BGDUzYngmv0Doaj...pYa0axg7h8WOzvfrWgLysYww4=
New app secret key:
SK.2.yAhSCl0od...szUMVTl3aQd5A=
Secret Key and Service Public Key successfully updated.
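A pre-flight check for the three update-keys arguments shown above, as an added example that is not part of the Virgil CLI or its documentation. The function names are hypothetical, and the version rule (PK and SK share a version, the Update Token is one ahead) is an assumption inferred from the example on this page.

```shell
# Pre-flight check for `virgil purekit update-keys` arguments.
# Assumption (inferred from the example on this page, not a documented rule):
# credentials look like PREFIX.VERSION.PAYLOAD, and the Update Token carries
# the version the keys will have after rotation (current version + 1).

# Print the version field of a credential with the expected prefix.
# Returns 1 on a wrong prefix, empty payload, or non-numeric version.
cred_version() {
    prefix=$1 cred=$2
    case $cred in
        "$prefix".*.?*) ;;
        *) return 1 ;;
    esac
    rest=${cred#"$prefix".}
    version=${rest%%.*}
    case $version in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$version"
}

# Return 0 only if PK and SK share one version and UT is exactly one ahead.
# Also catches arguments pasted in the wrong order (e.g. SK where PK belongs).
# Error messages never echo the credential itself, so they are safe to log.
rotation_args_ok() {
    pk_v=$(cred_version PK "$1") || { echo "bad Service Public Key" >&2; return 1; }
    sk_v=$(cred_version SK "$2") || { echo "bad Secret Key" >&2; return 1; }
    ut_v=$(cred_version UT "$3") || { echo "bad Update Token" >&2; return 1; }
    if [ "$pk_v" -ne "$sk_v" ]; then
        echo "PK is v$pk_v but SK is v$sk_v" >&2
        return 1
    fi
    if [ "$ut_v" -ne $((pk_v + 1)) ]; then
        echo "token is v$ut_v, keys are v$pk_v" >&2
        return 1
    fi
}

# Constructed sample values, not real credentials.
rotation_args_ok 'PK.1.cHVi' 'SK.1.c2Vj' 'UT.2.dG9r' && echo "arguments consistent"
```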