This repository has been archived by the owner on Nov 21, 2023. It is now read-only.
Support multiple secrets for secret rotation #20
Merged
What does this change?
This change builds on guardian/hmac-headers#20 to support passing a list of secrets to check for validity. The intention is to allow for safe secret rotation as described in https://github.com/guardian/birthdays/pull/180
We attempt to make this a "soft" change and continue to support the existing interface, but add a deprecation notice for consumers warning it's going to change soon.
See https://github.com/guardian/birthdays/pull/183 for an example of downstream use.
Depends: guardian/hmac-headers#20
How to test
Run
sbt test
How can we measure success?
Consumers are able to support secret rotation more easily in their projects.
Have we considered potential risks?
Changing authentication code has the potential to disrupt consuming services if an interface changes; we attempt to keep it the same here.
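The rotation pattern described above, as an added example that is not part of this pull request or the library's own code: the server verifies a presented HMAC against a list of secrets so that clients on the old and the new secret are both accepted during the rotation window. The object name `RotatingHmac`, the helpers `sign` and `isValid`, the HMAC-SHA256/Base64 encoding and the sample message and secrets are assumptions made for illustration.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

object RotatingHmac {
  // Hypothetical helper: HMAC-SHA256 of the message under one secret, Base64-encoded.
  def sign(secret: String, message: String): String = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(secret.getBytes(UTF_8), "HmacSHA256"))
    Base64.getEncoder.encodeToString(mac.doFinal(message.getBytes(UTF_8)))
  }

  // Accept the token if it matches the MAC under any configured secret.
  // Every secret is checked (List.map is strict, `|` does not short-circuit)
  // and each comparison is constant-time, so timing does not reveal which
  // secret, if any, matched.
  def isValid(secrets: List[String], message: String, token: String): Boolean = {
    val presented = token.getBytes(UTF_8)
    secrets
      .map(s => MessageDigest.isEqual(sign(s, message).getBytes(UTF_8), presented))
      .foldLeft(false)(_ | _)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample values, not real secrets or a real request.
    val oldSecret = "constructed-old-secret"
    val newSecret = "constructed-new-secret"
    val message   = "constructed-date-header\n/constructed/path"

    val fromOldClient = sign(oldSecret, message)
    val fromNewClient = sign(newSecret, message)

    // Rotation window: the server holds both secrets, so both clients pass.
    val during = List(newSecret, oldSecret)
    println(s"during rotation, old client: ${isValid(during, message, fromOldClient)}")
    println(s"during rotation, new client: ${isValid(during, message, fromNewClient)}")

    // After rotation: the old secret is removed and its tokens are rejected.
    val after = List(newSecret)
    println(s"after rotation, old client: ${isValid(after, message, fromOldClient)}")
    println(s"after rotation, new client: ${isValid(after, message, fromNewClient)}")

    // An empty secret list must reject everything rather than accept by default.
    println(s"no secrets configured: ${isValid(Nil, message, fromNewClient)}")
  }
}
```

Keeping the list short and removing the old secret once all clients have switched limits how long a leaked old secret remains usable.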