opensearch-project / documentation-website

The documentation for OpenSearch, OpenSearch Dashboards, and their associated plugins.
https://opensearch.org/docs
Apache License 2.0

[DOC] Update JWT signing key setting use #8039

Closed stephen-crawford closed 1 month ago

stephen-crawford commented 2 months ago

What do you want to do?

Tell us about your request. Provide a summary of the request.

In this change https://github.com/opensearch-project/security/pull/4632, support for multiple signing keys was added when configuring the JWT auth domain settings for OpenSearch with Security. With the new support, you can add a list of signing_keys to your configuration, allowing you to provide a backup key, which ultimately avoids downtime during key rotation scenarios.

Given a minimum of two keys (Key1 and Key2) consider:

  1. You start sending requests using Pair1
  2. You decide it is time to rotate Pair1 taking Key1 offline
  3. Now you can start sending requests with Pair2 while updating the configuration to contain Key2 and Key3.
  4. During the update you can still use Pair2 to send requests

Previously, you would run into trouble because, with only one key, as soon as you rotated Pair1, you would have to wait for the cluster to come back online with the new configuration for Pair2 before you could resume sending requests via JWTs.

*Version: List the OpenSearch version to which this issue applies, e.g. 2.14, 2.12--2.14, or all.

Currently the change is in main, but it will be a 2.17 change.

What other resources are available? Provide links to related issues, POCs, steps for testing, etc.

Please check out the associated code change for a more in-depth explanation.
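As an added illustration (not code from this issue, from PR 4632, or from the OpenSearch Security plugin): a minimal HS256 verifier that accepts a token when any key in a configured list validates it, run through the four rotation steps above and through the single-key failure mode the issue describes. Assumptions for illustration: the "try each configured key" rule, the choice of HS256 for a self-contained run (the issue's Pair1/Pair2 wording implies asymmetric key pairs, where the list would hold public keys and the loop is the same), the constructed keys and claims, and all helper names. Confirm the exact setting name against the Security plugin documentation once the docs change lands.

```python
"""Added example, not OpenSearch Security code: a JWT check against a LIST of
signing keys, plus the Key1 -> Key2 rotation sequence from the issue."""
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT (header.payload.signature) under a single signing key."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_jwt(token: str, signing_keys: List[bytes], now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token verifies under ANY configured key, else None.

    The 'try each key' rule is the assumed semantics of a multi-key list: a token
    signed with a retired key keeps working only until that key leaves the list.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        presented = _b64url_decode(sig_b64)
    except ValueError:
        return None
    # Pin the algorithm server-side; the token must not choose it (blocks alg=none).
    if header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    for key in signing_keys:
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if hmac.compare_digest(expected, presented):
            claims = json.loads(_b64url_decode(payload_b64))
            current = now if now is not None else time.time()
            if "exp" in claims and claims["exp"] <= current:
                return None
            return claims
    return None


# Constructed keys for the walkthrough only; never reuse fixed bytes in a real cluster.
KEY1 = b"key1-" + b"\x01" * 27
KEY2 = b"key2-" + b"\x02" * 27
KEY3 = b"key3-" + b"\x03" * 27


def rotation_walkthrough() -> dict:
    """Steps 1-4 from the issue: move issuers from Key1 to Key2 with no rejected requests."""
    claims = {"sub": "alice", "roles": "admin"}
    cluster_keys = [KEY1, KEY2]             # step 1: Key2 is already configured as the backup
    token_key1 = sign_jwt(claims, KEY1)     # requests currently signed with Key1
    token_key2 = sign_jwt(claims, KEY2)     # steps 2-3: Key1 taken offline, issuer switches to Key2
    results = {
        "key1_before_rotation": verify_jwt(token_key1, cluster_keys) is not None,
        "key2_during_update": verify_jwt(token_key2, cluster_keys) is not None,   # step 4
    }
    cluster_keys = [KEY2, KEY3]             # step 3 completes: config now holds Key2 and Key3
    results["key2_after_update"] = verify_jwt(token_key2, cluster_keys) is not None
    results["key1_after_update"] = verify_jwt(token_key1, cluster_keys) is not None  # retired key
    # The single-key situation the issue describes as the old failure mode:
    results["key2_with_single_key_config"] = verify_jwt(token_key2, [KEY1]) is not None
    return results


if __name__ == "__main__":
    for name, ok in rotation_walkthrough().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The overlap window is the whole point: during the update the list still contains the key the issuer just switched to, so no request is rejected, and the retired key is dropped only once its replacement is in place. Note that the list also widens the set of keys an attacker could abuse, so remove retired keys promptly rather than letting the list grow.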

Naarcha-AWS commented 2 months ago

Thanks for the info @stephen-crawford! Should we wait to make a PR for this until it's merged into main?

stephen-crawford commented 2 months ago

Hi @Naarcha-AWS, yeah, I think we can wait until it is merged in.