Feature Request/Suggestion:
⚔️Security
Feature RequestSuggestion:
Having Multiple Versions/Vars which are assignable within a Secret (Cloudflare Secrets Store)
Scenario:
Assume there is a Secret that is used to encrypt some fields in the D1 Db
now, the secret got leaked somehow, so the developer wants to rotate (encrypt new requests with new secret, meanwhile - use the old secret for already encrypted data)
Feature:
1. Before Leaking
Secret Name : DB_SECRET
variable 1 : DB_SECRET.CURRENT - abc123
2. Rotating Secret
( DB_SECRET.PREVIOUS = DB_SECRET.CURRENT ;
DB_SECRET.CURRENT = def456)
variable 1 : DB_SECRET.CURRENT - def456
variable 2 : DB_SECRET.PREVIOUS - abc123
3. After handling all the old encrypted data
variable 1 : DB_SECRET.CURRENT - def456
variable 2 : removed
This way we can store the secrets just in the SecretsStore
nowhere else is required (less chance of leaking)
Having Multiple Versions/Vars which are assignable within a Secret (Cloudflare Secrets Store)
Scenario:
Assume there is a Secret that is used to encrypt some fields in the D1 Db
now, the secret got leaked somehow, so the developer wants to rotate (encrypt new requests with new secret, meanwhile - use the old secret for already encrypted data)
Feature:
1. Before Leaking
Secret Name : DB_SECRET
variable 1 : DB_SECRET.CURRENT - abc123
2. Rotating Secret
( DB_SECRET.PREVIOUS = DB_SECRET.CURRENT ;
DB_SECRET.CURRENT = def456)
variable 1 : DB_SECRET.CURRENT - def456
variable 2 : DB_SECRET.PREVIOUS - abc123
3. After handling all the old encrypted data
variable 1 : DB_SECRET.CURRENT - def456
variable 2 : removed
This way we can store the secrets just in the SecretsStore
nowhere else is required (less chance of leaking)
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
87,353Members
Resources
Similar Threads
Was this page helpful?
