Add a mode where backup keys are stored offline.
The key hash needs to stay in place (it can also serve as a marker that the backup key exists), and there needs to be a mechanism to obtain the backup key when it is needed for rollover.
(Possibly an HTTP call to an endpoint that will scp the backup key to the server, but this needs to prevent an intruder from using it to obtain the backup key. An alternative would be to schedule backup key delivery and just defer key rotation until the backup key is available.) (Also provide a notification/HTTP call when rollover is complete so that the new backup keys are removed from the server.)
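A sketch of how the retained hash could gate rollover, as an added example that is not the project's own code. It assumes the stored hash is a hex SHA-256 digest of the key file's bytes; the file names and the `rollover_state` function are hypothetical.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def rollover_state(hash_file: Path, key_file: Path) -> str:
    """Decide whether key rollover may proceed.

    Assumption: hash_file holds the hex SHA-256 of the backup key file's bytes.
    """
    if not hash_file.exists():
        return "no-backup"   # no marker: no backup key was ever generated
    if not key_file.exists():
        return "deferred"    # marker present, key still offline: postpone rotation
    expected = hash_file.read_bytes().strip().lower()
    actual = hashlib.sha256(key_file.read_bytes()).hexdigest().encode()
    # The delivery channel is less trusted than the local marker, so a
    # delivered key is only accepted if it matches the retained hash.
    if not hmac.compare_digest(expected, actual):
        return "mismatch"
    return "ready"


def demo() -> list[str]:
    """Walk through all four states using constructed sample data."""
    states = []
    with tempfile.TemporaryDirectory() as d:
        hash_file = Path(d, "backup.key.sha256")   # hypothetical file name
        key_file = Path(d, "backup.key")           # hypothetical file name
        key = b"constructed sample key material\n"

        states.append(rollover_state(hash_file, key_file))
        hash_file.write_text(hashlib.sha256(key).hexdigest() + "\n")
        states.append(rollover_state(hash_file, key_file))
        key_file.write_bytes(b"something else delivered instead")
        states.append(rollover_state(hash_file, key_file))
        key_file.write_bytes(key)
        states.append(rollover_state(hash_file, key_file))
    return states


if __name__ == "__main__":
    print(demo())
```

The check covers only the integrity of what was delivered; authenticating whoever triggers the delivery is a separate problem.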