I need a robust process that can generate, revoke, and rotate API keys for my web application while meeting a high-security bar. The solution must create unique, unpredictable keys, enforce configurable expiry dates, and store the secrets in an encrypted vault or key-management service rather than in plain text. Here’s what I expect: • A small, well-documented module or micro-service (language is flexible—Node.js, Python or Go are all fine) that exposes a simple endpoint or CLI for “create”, “list”, “revoke”, and “rotate” actions. • Integration guidance so my front-end can request and validate the key on each call. • Clear instructions on how you’re achieving high security—e.g., rate-limiting on generation, AES-256 at rest, salted HMAC for verification, and optional use of AWS KMS, Azure Key Vault, or HashiCorp Vault. • Short README and a few sample requests that prove everything works end-to-end in a typical web app flow. If you have prior experience hardening API key systems, mention the tooling or frameworks you used and any audits or penetration testing you performed. I’m ready to review a quick outline first, then we can iterate until the acceptance tests pass (keys are unique, cannot be guessed in a randomness test, and cannot be retrieved in plain text from storage). Looking forward to your secure implementation!