feat(core): Add support for secret key rotation #1039

Merged
merged 4 commits into from
Nov 16, 2024

jamesejr
Contributor

This PR adds support for secret key rotation and fixes #1038

@jwag956
Collaborator

jwag956 commented Nov 15, 2024

This looks great - thanks! The test failures are due to latest Flask 3.1 which I am looking into in the next few days.

codecov bot commented Nov 15, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.36%. Comparing base (7f3977d) to head (6a971a6).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1039   +/-   ##
=======================================
  Coverage   98.36%   98.36%           
=======================================
  Files          37       37           
  Lines        4762     4764    +2     
=======================================
+ Hits         4684     4686    +2     
  Misses         78       78           


Collaborator

@jwag956 jwag956 left a comment

thanks

.. py:data:: SECRET_KEY_FALLBACKS

This is a list of old secret keys that can still be used to unsign tokens
that were created with previous secret keys.
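
Review bot: the two description lines under `.. py:data:: SECRET_KEY_FALLBACKS` say old keys "can still be used to unsign tokens" but give no guidance on retiring them. Every key left in this list keeps validating tokens signed with it, so the text should tell readers to remove a key once the tokens it signed have expired, and to leave a key out of the list entirely when it is being rotated because it was exposed.
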
Collaborator

Could you add the same wording as above - that it is a Flask (>=3.1) configuration used by Flask-Security. I would also remove the 'default' since we don't control that - users should look at the Flask documentation.

Contributor Author

Updated! Let me know what you think. Happy to change it again if you prefer something different. Thanks for the quick review!

@jwag956 jwag956 merged commit 17ff0eb into pallets-eco:main Nov 16, 2024
17 checks passed
@jamesejr jamesejr deleted the secret-key-rotation branch November 16, 2024 05:39
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 28, 2024
Successfully merging this pull request may close these issues.

Add support for secret_key rotation