Add API Key Rotation Support for JWT RS256 Keys #1704

Description

@RUKAYAT-CODER

Overview

jwt-keys.pem is committed to the repo (even if only as a sample). Production deployments should use a secret manager, not file-system keys, and should support key rotation without downtime.

Specifications

Tasks:

  • Load JWT keys from JWT_PRIVATE_KEY / JWT_PUBLIC_KEY env vars
  • Support multiple public keys during rotation period
  • Document rotation procedure in docs/

Impacted Files:

  • BackEnd/src/modules/auth/strategies/jwt.strategy.ts
  • BackEnd/.env.example

Acceptance Criteria:

  • Application reads keys from env vars, not PEM files
  • Old tokens remain valid during rotation window
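The following is an added example sketching how the key loader and verifier behind a strategy like jwt.strategy.ts could satisfy these criteria; it is not code from this repository. It uses only Node's built-in crypto module rather than a JWT library, reads the JWT_PRIVATE_KEY / JWT_PUBLIC_KEY variables named in the issue, and assumes (my choice, not the project's) that JWT_PUBLIC_KEY may hold several concatenated PEM blocks during the rotation window and that each key is identified by a kid derived from the SHA-256 thumbprint of its SPKI encoding. The rotationDemo function generates throwaway key pairs in memory to walk through the three rotation phases.

```typescript
import {
  createHash, createPrivateKey, createPublicKey, generateKeyPairSync,
  sign, verify, KeyObject,
} from 'node:crypto';

export interface KeyConfig {
  kid: string;                       // id of the key used for signing
  privateKey: KeyObject;             // from JWT_PRIVATE_KEY
  publicKeys: Map<string, KeyObject>; // every key still trusted for verification
}

const b64url = (data: Buffer | string): string => Buffer.from(data).toString('base64url');
const fromB64url = (s: string): Buffer => Buffer.from(s, 'base64url');

// Split a string holding one or more concatenated PEM public keys (assumed rotation format).
export function splitPem(pem: string): string[] {
  return pem.match(/-----BEGIN PUBLIC KEY-----[\s\S]*?-----END PUBLIC KEY-----/g) ?? [];
}

// kid = truncated SHA-256 thumbprint of the SPKI DER (assumption; any stable id works).
export function keyId(pub: KeyObject): string {
  const der = pub.export({ type: 'spki', format: 'der' }) as Buffer;
  return createHash('sha256').update(der).digest('hex').slice(0, 16);
}

// Build the key set from env vars; .env files often store PEMs with literal "\n", so restore them.
export function loadKeys(env: Record<string, string | undefined>): KeyConfig {
  const priv = env.JWT_PRIVATE_KEY;
  const pubs = env.JWT_PUBLIC_KEY;
  if (!priv || !pubs) throw new Error('JWT_PRIVATE_KEY and JWT_PUBLIC_KEY must be set');
  const privateKey = createPrivateKey(priv.replace(/\\n/g, '\n'));
  const publicKeys = new Map<string, KeyObject>();
  for (const pem of splitPem(pubs.replace(/\\n/g, '\n'))) {
    const pub = createPublicKey(pem);
    publicKeys.set(keyId(pub), pub);
  }
  const kid = keyId(createPublicKey(privateKey));
  if (!publicKeys.has(kid)) {
    throw new Error('JWT_PUBLIC_KEY does not include the public half of JWT_PRIVATE_KEY');
  }
  return { kid, privateKey, publicKeys };
}

// RS256 = RSASSA-PKCS1-v1_5 over SHA-256, which is Node's default RSA signing mode.
export function signToken(cfg: KeyConfig, claims: Record<string, unknown>): string {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: cfg.kid }));
  const payload = b64url(JSON.stringify(claims));
  const sig = sign('sha256', Buffer.from(`${header}.${payload}`), cfg.privateKey);
  return `${header}.${payload}.${b64url(sig)}`;
}

// Returns the claims, or null for anything that does not verify against a trusted key.
export function verifyToken(cfg: KeyConfig, token: string): Record<string, unknown> | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header: { alg?: string; kid?: string };
  try { header = JSON.parse(fromB64url(h).toString('utf8')); } catch { return null; }
  if (header.alg !== 'RS256') return null; // pin the algorithm; never trust the token's choice
  // Known kid: use that key only. No kid (pre-rotation token): try every trusted key.
  const candidates = header.kid === undefined
    ? [...cfg.publicKeys.values()]
    : cfg.publicKeys.has(header.kid) ? [cfg.publicKeys.get(header.kid)!] : [];
  const data = Buffer.from(`${h}.${p}`);
  const signature = fromB64url(s);
  if (!candidates.some((pub) => verify('sha256', data, pub, signature))) return null;
  try { return JSON.parse(fromB64url(p).toString('utf8')); } catch { return null; }
}

// Walk through a rotation using constructed, in-memory key pairs (no real keys involved).
export function rotationDemo(): { oldStillValid: boolean; newValid: boolean; retiredRejected: boolean } {
  const pem = (k: KeyObject, type: 'pkcs8' | 'spki') => k.export({ type, format: 'pem' }) as string;
  const a = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const b = generateKeyPairSync('rsa', { modulusLength: 2048 });
  // Phase 1: only key A is deployed.
  const phase1 = loadKeys({ JWT_PRIVATE_KEY: pem(a.privateKey, 'pkcs8'), JWT_PUBLIC_KEY: pem(a.publicKey, 'spki') });
  const oldToken = signToken(phase1, { sub: 'user-1' });
  // Phase 2 (rotation window): sign with B, still trust A and B.
  const phase2 = loadKeys({
    JWT_PRIVATE_KEY: pem(b.privateKey, 'pkcs8'),
    JWT_PUBLIC_KEY: pem(a.publicKey, 'spki') + pem(b.publicKey, 'spki'),
  });
  const newToken = signToken(phase2, { sub: 'user-1' });
  // Phase 3: A retired once every token it signed has expired.
  const phase3 = loadKeys({ JWT_PRIVATE_KEY: pem(b.privateKey, 'pkcs8'), JWT_PUBLIC_KEY: pem(b.publicKey, 'spki') });
  return {
    oldStillValid: verifyToken(phase2, oldToken) !== null,
    newValid: verifyToken(phase2, newToken) !== null,
    retiredRejected: verifyToken(phase3, oldToken) === null,
  };
}
```

The rotation window therefore has to be at least as long as the longest token lifetime issued under the old key; dropping the old public key from JWT_PUBLIC_KEY any earlier invalidates tokens that are still within their expiry. The verifier also pins alg to RS256 so that a token claiming a different algorithm is rejected before any key is consulted.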
