Hacker News

dnnddidiej yesterday at 11:30 PM

You don't usually want keys at all. At least in the sense of copy this key from system A and paste it in this other place system B. Usually CI. You want some continual method of authentication and authorization.


Replies

serious_angel yesterday at 11:34 PM

Some magnificent systems have APP_KEY/APP_SECRET that is also used for cookie and database encryption. A frequent rotation of this is... inadequate... in systems with high traffic, to say the least, and hence I am sorry, but I do not believe it's the "usual" desire. As always, it depends on the context and transaction scope.

  Related:
  - 1. https://symfony.com/doc/current/reference/configuration/framework.html#configuration-framework-secret
  - 2. https://laravel.com/docs/13.x/encryption#gracefully-rotating-encryption-keys