bungle / lua-resty-session

Session library for OpenResty – flexible and secure
BSD 2-Clause "Simplified" License

Is it needed/Is there a way to rotate/renew server secret, except restarting nginx? #56

Closed yw662 closed 1 year ago

yw662 commented 6 years ago

If the server needs to run for a long time without restarting, the server secret will need to be renewed periodically. So, will lua-resty-session do it automatically, or does it provide a way to do that?

bungle commented 5 years ago

@yw662,

At the moment it does not support secret rotation, or multiple secrets at the same time. Perhaps adding support for secret arrays would be a fix to this. You can of course try to open the session with different secrets and do the secret management on your own. Or make a wrapper around the session library to do secret management on top.

bungle commented 1 year ago

The new version 4.0.0 has options for secret rotation (aka fallback secrets).
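
A library-agnostic sketch of the fallback-secret approach discussed in this thread, added here as an example; it is not lua-resty-session code and does not use its API. The names `seal` and `open_session`, the cookie layout and the sample secrets are assumptions, and the cookie is only signed with HMAC-SHA256, not encrypted.

```python
import base64
import hashlib
import hmac
import json


def _mac(secret: bytes, payload: bytes) -> bytes:
    return hmac.new(secret, payload, hashlib.sha256).digest()


def seal(data: dict, secret: bytes) -> str:
    """Serialize session data and sign it with the given secret."""
    payload = json.dumps(data, sort_keys=True).encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_mac(secret, payload)).decode()


def open_session(cookie: str, secrets: list):
    """Verify against secrets[0] (current), then each fallback in order.

    Returns (data, fresh_cookie). fresh_cookie is None when the current
    secret verified; when a fallback matched it is the same data re-signed
    with the current secret, so the old secret can be retired once clients
    have been reissued. Returns (None, None) if no secret verifies.
    """
    try:
        payload_b64, mac_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:  # wrong part count or invalid base64
        return None, None
    for index, secret in enumerate(secrets):
        # Constant-time comparison for every candidate secret.
        if hmac.compare_digest(_mac(secret, payload), mac):
            data = json.loads(payload)
            return data, (None if index == 0 else seal(data, secrets[0]))
    return None, None


if __name__ == "__main__":
    # Constructed sample secrets; real ones come from a secret store.
    old, new = b"constructed-old-secret", b"constructed-new-secret"
    issued_before_rotation = seal({"user": "alice"}, old)
    data, fresh = open_session(issued_before_rotation, [new, old])
    print(data, "reissued" if fresh else "unchanged")
```

Dropping the old secret from the list is what ends the rotation window: cookies still signed with it stop verifying from that point on.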