silinternational / serverless-mfa-api

A Serverless API for registering and validating Multi-Factor Authentication methods. Currently supports Time-based One Time Passwords (TOTP) and FIDO U2F devices (YubiKeys).
MIT License

Enable changing the API Secret in case it is compromised #6

Open forevermatt opened 7 years ago

forevermatt commented 7 years ago

This would require a call from the API consumer that provides the API Secret, which we could then use to decrypt the TOTP Keys, re-encrypting them with a new API Secret that we then return to the consumer.

devon-sil commented 6 months ago

Putting in backlog to consider.
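
The rotation proposed in the opening comment, as an added example that is not part of the issue thread or the project's own code. It assumes AES-256-GCM with a scrypt-derived key and a hypothetical record shape (`uuid`, `encryptedTotpKey`); the function names are also hypothetical.

```javascript
// Added example: assumes AES-256-GCM with a scrypt-derived key; not the project's actual scheme.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// Derive a 32-byte key from the API secret and a per-record salt.
const deriveKey = (secret, salt) => scryptSync(secret, salt, 32);

function encryptTotpKey(plaintext, apiSecret) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(apiSecret, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored form: salt | iv | auth tag | ciphertext, base64-encoded.
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptTotpKey(stored, apiSecret) {
  const buf = Buffer.from(stored, 'base64');
  const salt = buf.subarray(0, 16), iv = buf.subarray(16, 28), tag = buf.subarray(28, 44);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(apiSecret, salt), iv);
  decipher.setAuthTag(tag);
  // final() throws if the secret is wrong or the record was tampered with.
  return Buffer.concat([decipher.update(buf.subarray(44)), decipher.final()]).toString('utf8');
}

// Rotate: decrypt every record with the old secret, re-encrypt under a fresh one.
// The input array is never mutated and nothing is returned unless every record
// decrypts, so a wrong or stale secret leaves the stored data unchanged.
function rotateApiSecret(records, oldSecret) {
  const newSecret = randomBytes(32).toString('base64');
  const rotated = records.map((r) => ({
    ...r,
    encryptedTotpKey: encryptTotpKey(decryptTotpKey(r.encryptedTotpKey, oldSecret), newSecret),
  }));
  return { newSecret, records: rotated };
}

// Constructed sample data (hypothetical record shape and secrets).
const oldSecret = 'constructed-old-api-secret';
const store = [
  { uuid: 'totp-1', encryptedTotpKey: encryptTotpKey('JBSWY3DPEHPK3PXP', oldSecret) },
  { uuid: 'totp-2', encryptedTotpKey: encryptTotpKey('KRSXG5CTMVRXEZLU', oldSecret) },
];
const result = rotateApiSecret(store, oldSecret);
```

The caller should persist `result.records` and hand `result.newSecret` to the consumer in the same operation, since after the write the old secret no longer decrypts anything.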