mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-24 23:27:25 -04:00
19e3036458
This commit adds support to reload the JWT shared secret. Notably this commit also includes support for a rotatable secret which includes support for a configurable grace period where the elder value (after rotation) is still accessible. This allows a time bound leniency where both values are valid at the same time to help mitigate tightly coupled systems rotations. The rotatable secret currently only supports checking if it is set or it matches an external secret. However, future updates will accept a function that can be be used as input to a 3rd party system that can try the current secret but automatically fall back to the prior secret if that fails during the grace period. The implementation of rotatable secret uses a StampedLock with optimistic reads to help ensure minimal performance impact for the reading and expiry of the secret. |
||
|---|---|---|
| .. | ||
| images | ||
| audit-settings.asciidoc | ||
| ccr-settings.asciidoc | ||
| common-defs.asciidoc | ||
| data-stream-lifecycle-settings.asciidoc | ||
| health-diagnostic-settings.asciidoc | ||
| ilm-settings.asciidoc | ||
| license-settings.asciidoc | ||
| ml-settings.asciidoc | ||
| monitoring-settings.asciidoc | ||
| notification-settings.asciidoc | ||
| security-hash-settings.asciidoc | ||
| security-settings.asciidoc | ||
| snapshot-settings.asciidoc | ||
| ssl-settings.asciidoc | ||
| transform-settings.asciidoc | ||