support for rotating secret keys? #1574

coreybrett opened this issue Sep 28, 2015 · 5 comments · Fixed by #5632

@coreybrett

Is there any support for rotating secret keys in Flask?

I would like to use http://securekey.heroku.com/ as a source.

@ThiefMaster
Member

You don't want to rotate your secret key unless you are ok with invalidating all sessions (or any other itsdangerous-like signatures based on it) whenever you rotate it.

So this would require some changes to Flask and possibly itsdangerous (to support multiple secret keys)...

@coreybrett
Author

I think the idea with http://securekey.heroku.com/ is that when the keys are rotated, the old key sticks around and is available until the next rotation.

On Mon, Sep 28, 2015 at 11:39 AM, Adrian notifications@github.com wrote:

You don't want to rotate your secret key unless you are ok with invalidating all sessions (or any other itsdangerous-like signatures based on it) whenever you rotate it.



@davidism
Member

davidism commented Nov 1, 2015

I don't see how this could be worked into Flask. The entire ecosystem assumes the secret key is a single value. Flask only uses the secret key for the session cookie, so an extension could easily provide a different interface for choosing the old secret key if necessary to update the signature. The problem would be getting every other third-party thing that grabs the secret key to allow for it returning more than one value.

There's also no way to choose one key at the start of the request. Even if we can determine that the session was signed with a given key, we can't know that a token wasn't generated with a different one somewhere else, so the system would always have to read the available keys and try each one and know how to update.

I can't justify the added complexity over making sure your single secret key is sufficiently long and random and not disclosing it. If you need this, it's something you'll need to implement locally.

@davidism davidism closed this as completed Nov 1, 2015
@joshma

joshma commented May 12, 2016

Overall, secret key rotation is an industry standard, and I think it's something that is difficult to do without native Flask support. In my opinion, assuming a single key will never be disclosed can be a bad assumption to make - securekey.heroku.com is an example of this being important, and many APIs (e.g. Stripe) will allow you to rotate keys as well.

I think the assumption with key rotation is that the old key is only kept around for a given period of time, and after that period it is acceptable to reject tokens generated with the old one. As far as only session encryption goes, it seems like it'd be pretty simple (in concept at least) to identify which key was used by including a fingerprint, erroring if that key is not available, and otherwise happily using that key to attempt to decrypt/verify. When rotating, the server can respond with a session signed by the new key, and the client will have transparently been switched over. The only issue here is with clients who don't connect after the rotation period is over - this is generally outside the expiration window for sessions anyways, or is at least acceptable in the scenario where a key needs to be updated.

I'm only familiar with Flask as an end user, so there are likely pieces of the ecosystem that I'm very unfamiliar with, but my guess is that it's OK for those usages to break on older versions of the key.

@davidism would love to hear your thoughts on this!
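As an added example that is not part of this thread and not Flask's or itsdangerous's code, here is the scheme sketched in the comment above: a key fingerprint travels with the token, the server verifies only against the current key and the immediately previous one, and a stale flag tells the caller to re-sign with the current key. The names (RotatingSigner, key_id) and the HMAC-SHA256-over-JSON token format are my own assumptions.

```python
# Added example: key rotation with a key fingerprint in the token.
# Standard library only; the token layout is kid.body.mac (assumed, not itsdangerous's).
import base64
import hashlib
import hmac
import json


def key_id(secret: bytes) -> str:
    """Short public fingerprint of a key; safe to embed in the token."""
    return hashlib.sha256(secret).hexdigest()[:8]


class RotatingSigner:
    def __init__(self, current: bytes, previous=None):
        # Only the current key signs; previous keys are accepted for verification only.
        self.current = current
        self.accepted = {key_id(k): k for k in (current, previous) if k}

    def rotate(self, new_key: bytes) -> None:
        """Make new_key current; keep exactly one previous key as the rotation window."""
        self.accepted = {key_id(new_key): new_key, key_id(self.current): self.current}
        self.current = new_key

    def sign(self, payload: dict) -> str:
        body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
        kid = key_id(self.current)
        mac = hmac.new(self.current, f"{kid}.{body}".encode(), hashlib.sha256).hexdigest()
        return f"{kid}.{body}.{mac}"

    def verify(self, token: str):
        """Return (payload, stale); stale is True when an old key signed the token."""
        kid, body, mac = token.split(".")  # base64url and hex never contain '.'
        key = self.accepted.get(kid)
        if key is None:
            # Fingerprint not in the window: reject rather than trying every key ever used.
            raise ValueError("unknown key id; token is outside the rotation window")
        expected = hmac.new(key, f"{kid}.{body}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            raise ValueError("bad signature")
        payload = json.loads(base64.urlsafe_b64decode(body))
        return payload, kid != key_id(self.current)
```

When verify returns stale=True, the request handler issues sign(payload) with the current key so the client is switched over transparently.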

@joshma

joshma commented May 12, 2016

Sorry, I misspoke - I guess it's possible to implement an independent session library that supports key rotation, but it'd feel like re-inventing most of the wheel, and when it comes to security it seems better for it to receive first-class support. Maybe that's just contrary to the Flask way though.

@lepture lepture self-assigned this Sep 24, 2019
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 14, 2020