Details
-
Improvement
-
Status: Open
-
Trivial
-
Resolution: Unresolved
-
2.1.0, 2.0.0
Description
postinstall for traffic_ops has default number of secrets to keep as 10.
really no need to keep more than 2, and default should be only 1. The list is so if you create a new secret, any outstanding authentication cookies don't immediately get invalidated. So, the process should be to create a new secret, wait until max expiration has passed (during which any new cookies are created using the new secret), then remove the old secret.
Old secrets should not be kept any longer than that....