Custom::RotatingSecret to generate primary/secondary secrets
Closed this issue · 1 comments
ragogitpub commented
Hello
We are using this resource a lot.
What we wanted to do was to have primary and secondary secrets.
Encrypting code would always encrypt from primary secret, while decrypting code would first try primary and if it fails then secondary.
At a set interval then, we would
- move primary secret to secondary
- generate a new primary and store it in primary secret
This would allow us to have a rotating secret.
Would it be possible to enhance this to support something like Custom::RotatingSecret with (a) cron expression (b) primary ssm (c) secondary ssm ?
Thank you
mvanholsteijn commented
I totally missed this! Sorry. Why not use a secrets manager secret instead? It has all the mechanics of you need.