- Type: Improvement
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: Trunk
- Fix Version/s: None
- Component/s: framework
- Labels: None

There are several more or less ways to keep a JWT secret key safe. They are documented here.
A not costly and even safer way is to use a JWT keyprovider. I think we should consider doing something like the example demonstrated in this page, and as suggested there:
"with a simple key rotation using JWKS, try the jwks-rsa-java library."