← Back to context

Comment by dnnddidiej

14 hours ago

You dont usually want keys at all. At least in the sense of copy this key from system A and paste it in this other place system B. Usually CI. You want some continual method of authentication and authorization.

1 comment

dnnddidiej

Reply
serious_angel  14 hours ago

Some magnificent systems have APP_KEY/APP_SECRET that is also used for cookie and database encryption. A frequent rotation of this is... inadequate... in systems with high traffic, to say the least, and hence I am sorry, but I do not believe it's the "usual" desire. As always, it depends on the context and transaction scope.

  Related:
  - 1. https://symfony.com/doc/current/reference/configuration/framework.html#configuration-framework-secret
  - 2. https://laravel.com/docs/13.x/encryption#gracefully-rotating-encryption-keys