yar
yar copied to clipboard
Password rotation
Support plan
- is this issue currently blocking your project?: no
- is this issue affecting a production system?: no
Context
- node version: v18.2.0
- module version: 11.0.0
- environment (e.g. node, browser, native): node, browser
- used with (e.g. hapi application, another framework, standalone, ...): hapi app
- any other relevant information: no
How can we help?
In the documentation you write: "Consider rotating your cookie session password on a regular basis" but you fail to explain how to do this. Is straightforward if we restart the server every time we want to rotate the session password:
import yar from '@hapi/yar'
const server = new hapi.Server({ port })
const yarPlugin = {
plugin: yar,
options: {
name: 'yarCookie',
cookieOptions: {
password: randomPassword(),
}
}
}
await server.register(yarPlugin)
How can we do this without restarting the server?