Post-Quantum Migration Hub
Planning and execution guidance for migrating production cryptography with Axis control plane governance and Aegis enforcement validation.
Citation-ready summary
- VeliKey treats post-quantum migration as an operational program, not a one-time algorithm swap.
- Axis is the control plane for policy decisions, rollout approvals, and rollout receipts.
- Aegis is the enforcement plane that applies approved cryptographic policy in live traffic paths.
TL;DR for security leaders
Define success criteria first: inventory coverage, migration safety checks, and measurable rollback confidence. Require receipts for each migration stage before broad rollout.
TL;DR for engineers
Start with inventory and policy segmentation, run hybrid canaries, and promote only after telemetry and rollback paths are verified in Axis and Aegis.
Control-plane policy lifecycle
The lifecycle below shows how Axis control-plane policy moves from inventory through staged rollout, while Aegis validates runtime behavior in the enforcement plane. Stage promotion requires rollout receipts and telemetry review.
Periodic standards review cadence
- Monthly: triage standards and implementation bulletins, then log relevance to active policy.
- Quarterly: execute formal control-plane policy review and refresh migration thresholds if needed.
- Event-triggered: run immediate review when standards bodies publish major updates, when interop regressions are found, or when critical crypto vulnerabilities are disclosed.
Terminology alignment
Use shared definitions for Aegis, Axis, control plane, enforcement plane, rollout receipts, and PQ migration.
Hub navigation
PQ basics • Algorithm choices and migration strategy • Hybrid transition patterns • Rollout runbook • Executive FAQ
Next related reading
Next: PQ basics for technical buyers • Evidence: benchmark methodology • Reference: glossary