Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(core): Add support for secret key rotation #1039

Merged
merged 4 commits into from
Nov 16, 2024
Merged

feat(core): Add support for secret key rotation #1039

merged 4 commits into from
Nov 16, 2024

Conversation

jamesejr
Copy link
Contributor

This PR adds support for secret key rotation and fixes #1038

@jwag956
Copy link
Collaborator

jwag956 commented Nov 15, 2024

This iooks great - thanks! The test failures are due to latest Flask 3.1 which I am looking into in the next few days.

@codecov Codecov
Copy link

codecov bot commented Nov 15, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.36%. Comparing base (7f3977d) to head (6a971a6).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1039   +/-   ##
=======================================
  Coverage   98.36%   98.36%           
=======================================
  Files          37       37           
  Lines        4762     4764    +2     
=======================================
+ Hits         4684     4686    +2     
  Misses         78       78

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jwag956
jwag956 requested changes Nov 15, 2024
View reviewed changes
Copy link
Collaborator

@jwag956 jwag956 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

docs/configuration.rst Outdated
.. py:data:: SECRET_KEY_FALLBACKS

This is a list of old secret keys that can still be used to unsign tokens
that were created with previous secret keys.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add the same wording as above - that is is a Flask (>=3.1) configuration used by Flask-Security. I would also remove the 'default' since we don't control that - users should look at the Flask documentation.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated! Let me know what you think. Happy to change it again if you prefer something different. Thanks for the quick review!

@jwag956 jwag956 merged commit 17ff0eb into pallets-eco:main Nov 16, 2024
17 checks passed
@jamesejr jamesejr deleted the secret-key-rotation branch November 16, 2024 05:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwag956 jwag956 jwag956 approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for secret_key rotation
2 participants
@jamesejr @jwag956