A Developer's Guide to Post-Quantum Migration

You probably have RSA or ECDSA keys in your codebase right now. Maybe in your JWT auth. Maybe in your TLS config. Maybe in that encryption module someone wrote three years ago. Here's the thing: NIST is planning to deprecate RSA by 2030 and disallow it by 2035 (NIST IR 8547). Not because RSA is broken today — but because quantum computers will break it, and that timeline is closer than most developers realize. This isn't a theoretical threat. It has a name: Harvest Now, Decrypt Later (HNDL). What is Harvest Now, Decrypt Later? The concept is simple: Today : Adversaries intercept your encrypted traffic (TLS sessions, API calls, database backups) Store : They stockpile the encrypted data — storage is cheap Future : When quantum computers can run Shor's algorithm at scale, they decrypt everything retroactively The NSA has confirmed that nation-state actors are doing this right now. If your encrypted data has a shelf life longer than ~10 years, it's already at risk. This matters for every