guardian / hmac-headers

Scala utility for signing and verifying HMAC signatures passed in HTTP headers
Apache License 2.0

Support multiple shared secrets #15

Open davidfurey opened 1 year ago

davidfurey commented 1 year ago

It would be useful to support multiple shared secrets. This would allow different API consumers to have different keys, which would simplify the revocation process if one API consumer leaks the key. It would also simplify the process of key rotation, since you could temporarily accept the old and new key.

Before I look at implementing this, it would be great to get others' opinions on this.

kenoir commented 1 year ago

Aiming to achieve this in https://github.com/guardian/hmac-headers/pull/20 & https://github.com/guardian/panda-hmac/pull/20.
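
The verification pattern this issue asks for, as an added example that is not part of the thread and not the hmac-headers API: a verifier that accepts any of several named secrets and reports which one matched, so a single consumer's key can be revoked or rotated independently. The names `NamedSecret` and `MultiSecretHmac`, the signed string (date, newline, path) and all secret values are assumptions constructed for illustration.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical names; this is not the hmac-headers API.
final case class NamedSecret(keyId: String, secret: String)

object MultiSecretHmac {
  private val Algorithm = "HmacSHA256"
  // Assumed signed string: Date header value, newline, request path.
  def sign(secret: String, date: String, path: String): String = {
    val mac = Mac.getInstance(Algorithm)
    mac.init(new SecretKeySpec(secret.getBytes(UTF_8), Algorithm))
    Base64.getEncoder.encodeToString(mac.doFinal(s"$date\n$path".getBytes(UTF_8)))
  }

  // Returns the keyId whose secret produced `token`, if any. Each candidate is
  // compared in constant time and the fold visits every secret, so the result
  // does not depend on short-circuiting at the first match.
  def verify(secrets: Seq[NamedSecret], date: String, path: String, token: String): Option[String] = {
    val presented = token.getBytes(UTF_8)
    secrets.foldLeft(Option.empty[String]) { (matched, s) =>
      val ok = MessageDigest.isEqual(sign(s.secret, date, path).getBytes(UTF_8), presented)
      if (matched.isEmpty && ok) Some(s.keyId) else matched
    }
  }
}

object Demo {
  def main(args: Array[String]): Unit = {
    // Constructed sample values, not real keys.
    val date = "Tue, 15 Nov 1994 08:12:31 GMT"
    val path = "/api/items"
    val accepted = Seq(
      NamedSecret("consumer-a-old", "constructed-secret-a1"),
      NamedSecret("consumer-a-new", "constructed-secret-a2"), // rotation overlap
      NamedSecret("consumer-b", "constructed-secret-b1"))
    val fromB = MultiSecretHmac.sign("constructed-secret-b1", date, path)
    val fromOldA = MultiSecretHmac.sign("constructed-secret-a1", date, path)
    println(MultiSecretHmac.verify(accepted, date, path, fromOldA)) // signed with the old key
    println(MultiSecretHmac.verify(accepted, date, path, fromB))
    // Revoke only consumer-b after a leak; consumer-a's keys stay in the set.
    val afterRevocation = accepted.filterNot(_.keyId == "consumer-b")
    println(MultiSecretHmac.verify(afterRevocation, date, path, fromB))
    println(MultiSecretHmac.verify(afterRevocation, date, path, fromOldA))
  }
}
```

Returning the matching `keyId` rather than a bare boolean lets the caller log which consumer authenticated and notice when a retired key is still in use during a rotation window.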