0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
logto/.changeset/unlucky-lizards-agree.md

24 lines
944 B
Markdown
Raw Normal View History

---
"@logto/cli": minor
---
**CLI**
**Rotate your private or secret key**
2022-11-07 06:26:56 -05:00
We add a new command `db config rotate <key>` to support key rotation via CLI.
2022-11-07 06:26:56 -05:00
When rotating, the CLI will generate a new key and prepend to the corresponding key array. Thus the old key is still valid and the service will use the new key for signing.
Run `logto db config rotate help` for detailed usage.
2022-11-07 06:26:56 -05:00
**Trim the private or secret key you don't need**
2022-11-07 06:26:56 -05:00
If you want to trim one or more out-dated private or secret key(s) from the config, use the command `db config trim <key>`. It will remove the last item (private or secret key) in the array.
You may remove the old key after a certain period (such as half a year) to allow most of your users have time to touch the new key.
If you want to remove multiple keys at once, just append a number to the command. E.g. `logto db config trim oidc.cookieKeys 3`.
Run `logto db config trim help` for detailed usage.