Comment by serious_angel

16 hours ago

Some magnificent systems have APP_KEY/APP_SECRET that is also used for cookie and database encryption. A frequent rotation of this is... inadequate... in systems with high traffic, to say the least, and hence I am sorry, but I do not believe it's the "usual" desire. As always, it depends on the context and transaction scope.

  Related:
  - 1. https://symfony.com/doc/current/reference/configuration/framework.html#configuration-framework-secret
  - 2. https://laravel.com/docs/13.x/encryption#gracefully-rotating-encryption-keys

0 comments

serious_angel

No comments yet

Contribute on Hacker News ↗