OWASP-Application-Gateway

# Automatic Key Rotation

If you need more advanced key rotation, you can implement this by providing your own component. Implement the KeyRotation interface, give your component a unique name and configure it in the KeyManagement section of the settings. Note that depending on your implementation you might also have to provide different implementations for JWTSigner, KeyGenerator, JwkStore. Yet if you follow the guidance found in DefaultKeyRotation that should not be required.

@Component
public class MyKeyRotation implements KeyRotation {
// ...
}

Configuration:

KeyManagementProfile:
  keyRotationProfile:
    type: myKeyRotation
    useSigningKeyRotation: true
    signingKeyRotationSeconds: 28800
    cleanupFrequencySeconds: 10000

See also:
JWT Signer (add custom new signature type to JWT) (opens new window)
Key management and JWT signer (opens new window)

Overview