fix(cli/org): rotate-key writes member key blobs atomically (crash-safe)

2026-06-20 13:17:16 -04:00
parent 558da3bd75
commit 3b6dbbe353
1 changed files with 1 additions and 1 deletions
--- a/crates/relicario-cli/src/commands/org.rs
+++ b/crates/relicario-cli/src/commands/org.rs
@@ -376,7 +376,7 @@ pub fn run_rotate_key(dir: &Path) -> Result<()> {
        let wrapped = wrap_org_key(&new_org_key, &member.ed25519_pubkey)
            .with_context(|| format!("wrap key for {}", member.display_name))?;
        let key_path = vault.member_key_path(&member.member_id);
-        fs::write(&key_path, &wrapped)
+        crate::org_session::atomic_write(&key_path, &wrapped)
            .with_context(|| format!("write key for {}", member.display_name))?;
        staged_paths.push(format!("keys/{}.enc", member.member_id.as_str()));
    }