Lazy JWT Key Rotation in .NET: Redis-Powered JWKS That Just Works (aaronpina.com)
time4tea 7 minutes ago [-]
The key material is in Redis? Seems odd. Should be in a FIPS 140 HSM? Else the key can be stolen easily.

Maybe I missed something.

a_random_name 2 minutes ago [-]
(glanced at it so I could be wrong) They're talking about a public key that can be used to validate the JWT's authenticity. AFAIK there is no need to keep these secret, and it's not possible to (without breaking public key crypto) forge them so it should be safe to store them wherever.
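
Added example, not part of the thread or of the linked article: a Python check that a JWK Set, as it might be read from a cache such as Redis or a JWKS endpoint, holds only public members, which is the condition both comments turn on. The function name `audit_jwks`, the sample key IDs and all key values are constructed for illustration; the private member names come from RFC 7518 and RFC 8037.

```python
import json

# JWK members that carry private or secret material, keyed by "kty"
# (RFC 7518 section 6 for RSA/EC/oct, RFC 8037 for OKP).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
    "oct": {"k"},  # symmetric key: the value itself is the secret
}

def audit_jwks(jwks_json):
    """Return (kid, kty, members) for every key that is not public-only."""
    doc = json.loads(jwks_json)
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list):
        raise ValueError("not a JWK Set: missing 'keys' array")
    findings = []
    for index, jwk in enumerate(keys):
        if not isinstance(jwk, dict):
            raise ValueError(f"key at index {index} is not a JSON object")
        kty = jwk.get("kty")
        kid = jwk.get("kid", f"<index {index}>")
        if kty not in PRIVATE_MEMBERS:
            # Unknown key type: flag it rather than assume it is public.
            findings.append((kid, kty, ["<unknown kty>"]))
            continue
        leaked = sorted(PRIVATE_MEMBERS[kty].intersection(jwk))
        if leaked:
            findings.append((kid, kty, leaked))
    return findings

# Constructed sample data; the base64url strings are placeholders, not real keys.
PUBLIC_ONLY = json.dumps({"keys": [
    {"kty": "RSA", "kid": "rsa-1", "use": "sig", "alg": "RS256",
     "n": "c2FtcGxlLW1vZHVsdXM", "e": "AQAB"},
]})
WITH_PRIVATE = json.dumps({"keys": [
    {"kty": "RSA", "kid": "rsa-1", "use": "sig", "n": "c2FtcGxlLW1vZHVsdXM", "e": "AQAB"},
    {"kty": "EC", "kid": "ec-2", "crv": "P-256", "x": "c2FtcGxlLXg",
     "y": "c2FtcGxlLXk", "d": "c2FtcGxlLWQ"},
]})

if __name__ == "__main__":
    print(audit_jwks(PUBLIC_ONLY))   # no findings: safe to publish
    print(audit_jwks(WITH_PRIVATE))  # the EC key carries its private scalar
```

An empty result means the set contains only verification keys; any finding means signing material is sitting in the store and needs the protection the first comment asks about.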