[Unit]
Description=KeyManager Agent
Documentation=https://github.com/your-org/keymanager
After=network.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/keymanager-agent
Restart=always
RestartSec=10
User=root
StandardOutput=journal
StandardError=journal
SyslogIdentifier=keymanager-agent

# Security hardening
NoNewPrivileges=true
ProtectSystem=false
ProtectHome=false

[Install]
WantedBy=multi-user.target