Overview
jwt-keys.pem is committed to the repo (even if only as a sample). Production deployments should use a secret manager, not file-system keys, and should support key rotation without downtime.
Specifications
Tasks:
- Load JWT keys from JWT_PRIVATE_KEY / JWT_PUBLIC_KEY env vars
- Support multiple public keys during rotation period
- Document rotation procedure in docs/
Impacted Files:
- BackEnd/src/modules/auth/strategies/jwt.strategy.ts
- BackEnd/.env.example
Acceptance Criteria:
- Application reads keys from env vars, not PEM files
- Old tokens remain valid during rotation window
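
One way to meet both acceptance criteria, as an added sketch that is not code from this repository: it verifies RS256 tokens with node:crypto rather than the project's JWT library, and assumes JWT_PUBLIC_KEY carries one or more concatenated PEM blocks. All function names here are hypothetical.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Assumed convention (not specified in the issue): JWT_PUBLIC_KEY holds one or
// more concatenated PEM blocks, and "\n" escapes are expanded for .env files.
// In the app this would be called as loadPublicKeys(process.env.JWT_PUBLIC_KEY).
function loadPublicKeys(raw: string | undefined): KeyObject[] {
  const pems = (raw ?? "").replace(/\\n/g, "\n")
    .match(/-----BEGIN PUBLIC KEY-----[\s\S]+?-----END PUBLIC KEY-----/g);
  if (!pems) throw new Error("JWT_PUBLIC_KEY is unset or contains no PEM block");
  return pems.map((pem) => createPublicKey(pem));
}

const decodeJson = (seg: string): any => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Returns the claims if any accepted key verifies the token, otherwise null.
function verifyRs256(token: string, keys: KeyObject[], nowSec = Math.floor(Date.now() / 1000)): any {
  const [h, p, s, extra] = token.split(".");
  if (!h || !p || !s || extra !== undefined) return null;
  try {
    if (decodeJson(h).alg !== "RS256") return null; // pin the algorithm, ignore header hints
    const sig = Buffer.from(s, "base64url");
    if (!keys.some((key) => verify("sha256", Buffer.from(`${h}.${p}`), key, sig))) return null;
    const claims = decodeJson(p);
    return typeof claims.exp === "number" && claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Demo-only signer so the example is self-contained.
function signRs256(claims: object, privateKey: KeyObject): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const input = `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}`;
  return `${input}.${sign("sha256", Buffer.from(input), privateKey).toString("base64url")}`;
}

// Constructed scenario: a token issued before rotation, checked during and after the window.
function rotationDemo(): { during: boolean; after: boolean } {
  const oldPair = generateKeyPairSync("rsa", { modulusLength: 2048 });
  const newPair = generateKeyPairSync("rsa", { modulusLength: 2048 });
  const pem = (k: KeyObject) => k.export({ type: "spki", format: "pem" }).toString();
  const exp = Math.floor(Date.now() / 1000) + 300;
  const oldToken = signRs256({ sub: "user-1", exp }, oldPair.privateKey);
  const during = loadPublicKeys(pem(newPair.publicKey) + pem(oldPair.publicKey)); // both keys accepted
  const after = loadPublicKeys(pem(newPair.publicKey)); // old key retired
  return { during: verifyRs256(oldToken, during) !== null, after: verifyRs256(oldToken, after) !== null };
}
console.log(rotationDemo());
```

The old public key should stay in the list for at least the longest token lifetime after the signing key changes, then be removed.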