Key Management
Generate and manage cryptographic keys for agent identity.
Commands
- sekuire keygen - Generate Ed25519 keypair
- sekuire hash - Calculate Sekuire ID
keygen
Generate a new Ed25519 keypair for signing your agent.
sekuire keygen [OPTIONS]
Options
| Option | Description |
|---|---|
--force | Overwrite existing keys |
Example
Terminal
$ sekuire keygen
Generating Ed25519 Keypair...
Keys generated!
Private: .sekuire/secret.key (KEEP SAFE)
Public: .sekuire/public.key
Public Key Hash: a1b2c3d4e5f6...
Generated Files
| File | Description |
|---|---|
.sekuire/secret.key | Private key (hex-encoded) - Never share or commit |
.sekuire/public.key | Public key (hex-encoded) - Safe to share |
important
Add .sekuire/secret.key to your .gitignore. Losing your private key means losing your agent identity.
hash
Calculate the deterministic Sekuire ID (fingerprint) for your agent without publishing.
sekuire hash
The Sekuire ID is a content-addressable hash computed from your sekuire.yml manifest. It uniquely identifies your agent based on its configuration.
Example
Terminal
$ sekuire hash
Sekuire ID (Fingerprint): 7f8a9b3c2d1e...
How It Works
The ID is computed using BLAKE3:
SekuireID = BLAKE3(
canonicalize(model_name) ||
BLAKE3(system_prompt) ||
BLAKE3(tools_schema)
)
Components hashed:
- Project name and version
- Identity configuration (model, provider)
- System prompt content
- Tools schema
- Public key
Any change to these values produces a different ID.
Use Cases
- Preview ID before publishing - See what your agent's ID will be
- Verify ID matches expected value - Ensure manifest hasn't changed unexpectedly
- CI/CD validation - Check ID consistency in deployment pipelines
CI/CD Example
# Verify ID matches expected value
EXPECTED_ID="7f8a9b3c2d1e..."
ACTUAL_ID=$(sekuire hash | grep "Sekuire ID" | awk '{print $NF}')
if [ "$EXPECTED_ID" != "$ACTUAL_ID" ]; then
echo "Error: Sekuire ID mismatch!"
exit 1
fi
Key Security
Best Practices
- Never commit
.sekuire/secret.key - Backup your private key securely
- Rotate keys if compromised using
sekuire keygen --force - Use different keys for dev/staging/production
Recovery
If you lose your private key:
- Generate a new keypair with
sekuire keygen --force - Re-publish your agent with
sekuire push - Your agent will have a new identity