You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
With this change, Signer and Serializer can accept a list of secret keys. For instance,
In 2019/09, we are using a as the secret key
In 2019/10, we are going to use b as the secret key
For 2019/09, we will use Serializer(['a']), and later in 10, we will use Serializer(['a', 'b']). Now the old dumped values can still be loaded, because a is in secret keys. But it will dump new value with secret key b in 2019/10.
Later, we can remove a from the secret keys, since it is not used anymore. Maybe in 2019/11.
I'll write some documentation and push it before merging. The most important part seems to be documenting that the secret_key list is in order of oldest to newest key. This makes sense (use .append to add a new key), but my first instinct was that the first item was the first key.
I think you removed secret_key= so it wasn't implied to be a named parameter? After thinking about it, I think it should remain secret_key, as the common use case is probably to use one key rather than rotation. Internally the name secret_keys is fine, and I'll ad a secret_key property as ThiefMaster mentioned.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
None yet
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change is designed for pallets/flask#1574
With this change,
SignerandSerializercan accept a list of secret keys. For instance,aas the secret keybas the secret keyFor 2019/09, we will use
Serializer(['a']), and later in 10, we will useSerializer(['a', 'b']). Now the old dumped values can still be loaded, becauseais in secret keys. But it will dump new value with secret keybin 2019/10.Later, we can remove
afrom the secret keys, since it is not used anymore. Maybe in 2019/11.