yar icon indicating copy to clipboard operation
yar copied to clipboard

Published 20 hours ago verified publisher icon hapijs

Password rotation

Open simoncarbajal opened this issue 1 year ago • 0 comments

Support plan

  • is this issue currently blocking your project?: no
  • is this issue affecting a production system?: no

Context

  • node version: v18.2.0
  • module version: 11.0.0
  • environment (e.g. node, browser, native): node, browser
  • used with (e.g. hapi application, another framework, standalone, ...): hapi app
  • any other relevant information: no

How can we help?

In the documentation you write: "Consider rotating your cookie session password on a regular basis" but you fail to explain how to do this. Is straightforward if we restart the server every time we want to rotate the session password:

import yar from '@hapi/yar'
const server = new hapi.Server({ port })
const yarPlugin = {
    plugin: yar,
    options: {
      name: 'yarCookie',
      cookieOptions: {
        password: randomPassword(),
      }
    }
  }
await server.register(yarPlugin)

How can we do this without restarting the server?

simoncarbajal avatar Aug 31 '22 18:08 simoncarbajal