Password rotation

[simoncarbajal]

Support plan

• is this issue currently blocking your project?: no
• is this issue affecting a production system?: no

Context

• node version: v18.2.0
• module version: 11.0.0
• environment (e.g. node, browser, native): node, browser
• used with (e.g. hapi application, another framework, standalone, ...): hapi app
• any other relevant information: no

How can we help?

In the documentation you write: "Consider rotating your cookie session password on a regular basis" but you fail to explain how to do this. Is straightforward if we restart the server every time we want to rotate the session password:

import yar from '@hapi/yar'
const server = new hapi.Server({ port })
const yarPlugin = {
    plugin: yar,
    options: {
      name: 'yarCookie',
      cookieOptions: {
        password: randomPassword(),
      }
    }
  }
await server.register(yarPlugin)

How can we do this without restarting the server?