OWASP-Application-Gateway

Appearance

Automatic Key Rotation

If you need more advanced key rotation, you can implement this by providing your own component. Implement the KeyRotation interface, give your component a unique name and configure it in the KeyManagement section of the settings. Note that depending on your implementation you might also have to provide different implementations for JWTSigner, KeyGenerator, JwkStore. Yet if you follow the guidance found in DefaultKeyRotation that should not be required.

Java
@Component
public class MyKeyRotation implements KeyRotation {
// ...
}

Configuration:

yaml
KeyManagementProfile:
  keyRotationProfile:
    type: myKeyRotation
    useSigningKeyRotation: true
    signingKeyRotationSeconds: 28800
    cleanupFrequencySeconds: 10000

See also:
JWT Signer (add custom new signature type to JWT)
Key management and JWT signer

Open-source Apache 2 Licensed | Powered by a lot of love ❤️ (and code)

Copyright © OAG Contributors