Allow for easy key-rotation #37

Open
elgreg opened this issue Mar 28, 2024 · 0 comments · May be fixed by #38

elgreg commented Mar 28, 2024

The current implementation of the key strategy for passport makes it hard to rotate the CLAY_ACCESS_TOKEN. For a start, could the key.js strategy fall back to also check a previous token (we'd have to define that all the way through)? E.g.:

diff --git a/strategies/key.js b/strategies/key.js
index d6b0d23..a74636a 100644
--- a/strategies/key.js
+++ b/strategies/key.js
@@ -10,7 +10,8 @@ const passport = require('passport'),
  * @param {function} done
  */
 function apiCallback(apikey, done) {
-  if (apikey === process.env.CLAY_ACCESS_KEY) {
+  if (apikey === process.env.CLAY_ACCESS_KEY || 
+      apikey === process.env.PREVIOUS_CLAY_ACCESS_KEY) {
     // If we're using an API Key then we're assuming the user is
     // has admin privileges by defining the auth level in the next line
     done(null, { provider: 'apikey', auth: 'admin' });
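
Review bot: The added `apikey === process.env.PREVIOUS_CLAY_ACCESS_KEY` comparison is true when both sides are undefined, so if apiCallback is ever invoked with an undefined apikey on a server where PREVIOUS_CLAY_ACCESS_KEY is not set (the normal state outside a rotation window), the request gets `auth: 'admin'`. Apply the fallback only when the variable is set and non-empty, for example `(process.env.PREVIOUS_CLAY_ACCESS_KEY && apikey === process.env.PREVIOUS_CLAY_ACCESS_KEY)`; the existing CLAY_ACCESS_KEY check has the same property. While this condition is being changed, consider a constant-time comparison (`crypto.timingSafeEqual` on equal-length buffers) instead of `===`, and document the new variable, including that it should be unset once the rotation is complete.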

elgreg added a commit to slategroup/amphora-auth that referenced this issue May 31, 2024
Fixes clay#37

This will allow us to have servers using both the old and new access
keys as we are rotating keys.
@elgreg elgreg linked a pull request May 31, 2024 that will close this issue