Add key-rotation procedure and tooling for custodial wallet encryption

## Problem
Custodial wallets are encrypted with `WALLET_ENCRYPTION_KEY`. There is no implemented rotation tool/runbook, which is required for incident response and routine security hygiene.

## Acceptance criteria
- [ ] Add a CLI script to re-encrypt all `custodial_wallets` rows with a new key (old->new)
- [ ] Support dual-key read during rotation window (optional but preferred)
- [ ] Add runbook steps: backup, rotate, verify, rollback
- [ ] Add metrics/logging for rotation progress (no secrets)


Key rotation / backup: rotate WALLET_ENCRYPTION_KEY by re-encrypting all rows


## Priority
P1 / High

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add key-rotation procedure and tooling for custodial wallet encryption #160

Problem

Acceptance criteria

Priority

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Add key-rotation procedure and tooling for custodial wallet encryption #160

Description

Problem

Acceptance criteria

Priority

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions