Here I am submitting a PR for a branch from @luos' fork that's under the core team review.
I have participated in discussions around it but authored no code at the time
of submission.
Add possibility to set a secondary secret to be able to migrate between
multiple secret values.
API was kept to be compatible with previous behaviour, ie. strings are
converted to binaries.
Encrypted values are now wrapped to be able to identify when a
decryption failed, as if the secret is invalid, it may succeed and
return junk data.
Here I am submitting a PR for a branch from @luos' fork that's under the core team review. I have participated in discussions around it but authored no code at the time of submission.
Add possibility to set a secondary secret to be able to migrate between multiple secret values.
API was kept to be compatible with previous behaviour, ie. strings are converted to binaries.
Encrypted values are now wrapped to be able to identify when a decryption failed, as if the secret is invalid, it may succeed and return junk data.