Add ability to migrate from one secret key to another

Question

Add ability to migrate from one secret key to another

ansal-exp opened this issue 5 years ago · 6 comments

I have tried to update the secret key. But no luck as the library returns error.

Error: Could not decrypt state. Please verify that you are using the correct secret key

Do anyone has any idea about implementing or updating the secret key used for the decryption. It's ok if have to throw old saved state.

Answer 1 · 2019-09-13T10:23:44.000Z

You would have to have to keep the previous key to decrypt it initially then encrypt it with the new key. Not sure how you'd implement that but it's essentially like trying to log in an account with a different password to the one that's stored.

Answer 2 · 2019-09-13T10:40:29.000Z

I have implemented the same in a fork. yeah, I don't feel great about it. But we need to change the password. It would be helpful if we can add it on the home page as a warning.

Answer 3 · 2019-09-13T13:17:28.000Z

@ansal-exp This sounds like a good idea. It would probably be possible to support something like an oldSecretKey option that would handle the conversion from an old secret key to a new one.

Answer 4 · 2020-07-17T09:55:01.000Z

same issue

Answer 5 · 2020-10-17T19:06:42.000Z

Thinking about this a bit more, I think that migrating from one secret key to another might be something that has to take place in user land. At the very least, I think it needs to exist at a scope higher than a single transform.

The reason being that the encrypt transform has no idea about the current state of the store (Is it encrypted? Is it encrypted with a different key?).

Answer 6 · 2023-03-25T14:29:47.000Z

Closing this issue since I don't plan to look into this.

Seems like something that needs to happen in the consuming application.