See [https://groups.google.com/forum/#!msg/django-developers/jg-eu3HtLHI/V_rbzYKfAQAJ the discussion in django-developers]
for a longer explanation and discussion.
--
Ticket URL: <https://code.djangoproject.com/ticket/30360>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Comment (by Andreas Pelme):
I have started working on this and will work on it during the Djangocon
2019 sprints tomorrow.
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:1>
* needs_better_patch: 0 => 1
* has_patch: 0 => 1
* needs_tests: 0 => 1
* needs_docs: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:2>
Old description:
> Having the possibility to use the secret key from other sources than
> settings and being able to verify signatures with old secret keys would
> improve security in a number of ways.
>
> See [https://groups.google.com/forum/#!msg/django-developers/jg-eu3HtLHI/V_rbzYKfAQAJ the discussion in django-developers]
> for a longer explanation and discussion.
New description:
Having the possibility to rotate the secret key would be nice.
See [https://groups.google.com/forum/#!msg/django-developers/jg-eu3HtLHI/V_rbzYKfAQAJ the discussion in django-developers]
for a longer explanation and discussion.
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:3>
* type: Uncategorized => New feature
* version: 2.2 => master
* stage: Unreviewed => Accepted
Comment:
[https://github.com/django/django/pull/11198 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:4>
* cc: Ryan Hiebert (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:5>
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
* needs_docs: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:6>
* owner: Andreas Pelme => tim-schilling
Comment:
[https://github.com/django/django/pull/15198 New PR] adding
`SECRET_KEY_FALLBACKS` based on discussion/reviews of previous approaches.
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:7>
* needs_better_patch: 0 => 1
* needs_tests: 0 => 1
* needs_docs: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:8>
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:9>
* needs_docs: 1 => 0
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:10>
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7" 0dcd549b]:
{{{
#!CommitTicketReference repository="" revision="0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7"
Fixed #30360 -- Added support for secret key rotation.
Thanks Florian Apolloner for the implementation idea.
Co-authored-by: Andreas Pelme <and...@pelme.se>
Co-authored-by: Carlton Gibson <carlton...@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terra...@gmail.com>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30360#comment:11>