This repository was archived by the owner on Dec 13, 2023. It is now read-only.
File tree Expand file tree Collapse file tree 1 file changed +9
-4
lines changed Expand file tree Collapse file tree 1 file changed +9
-4
lines changed Original file line number Diff line number Diff line change @@ -116,9 +116,14 @@ servers) and directly store them in your secret management tool.
116116
117117## Rotating encryption keys
118118
119- It is possible to rotate the user supplied encryption key by sending a POST
119+ <!-- TODO: What are we talking about here? Encryption at rest or transport encryption? -->
120+
121+ It is possible to rotate the user supplied encryption key(s) by sending a POST
120122request to the ` /_admin/server/jwt ` endpoint. The file supplied via
121- ` --rocksdb.encryption-keyfile ` will be reloaded and the internal encryption
122- key will be re-encrypted with the new user key.
123+ ` --server.jwt-secret-keyfile ` or the secrets in the folder supplied via
124+ ` --server.jwt-secret-folder ` will be reloaded and the internal encryption
125+ key(s) will be re-encrypted with the new user key(s).
123126
124- Also see [ Hot-Reload of JWT Secrets] ( http/general.html#hot-reload-of-jwt-secrets ) .
127+ Also see:
128+ - [ Hot-Reload of JWT Secrets] ( http/general.html#hot-reload-of-jwt-secrets ) .
129+ - [ Trigger a reload of the TLS data] ( http/administration-and-monitoring.html#trigger-a-reload-of-the-tls-data-and-return-a-summary ) .
You can’t perform that action at this time.
0 commit comments