Mojolicious::Plugin::AutoSecrets - Automatic, Rotating Mojolicious Secrets
# Mojolicious $self->plugin('AutoSecrets'); $self->plugin('AutoSecrets' => {path => '/my/favorite/hiding/spot'}); # Mojolicious::Lite plugin 'AutoSecrets';
Mojolicious::Plugin::AutoSecrets is a Mojolicious plugin that takes care of generating, storing, and rotating your "secrets" in Mojolicious.
Secrets are used to ensure integrity and trust Mojolicious default session cookies. Letting code manage them means that code becomes part of your security. Read this documentation and review this code!
Take it from me, never trust a programmer.
Mojolicious::Plugin::AutoSecrets requires no configuration, but does support a few options:
Default: .mojo-secrets in "home" in Mojolicious
.mojo-secrets
Accepts any file path for storing secrets and checking age. It will be created if it doesn't exist.
Default: 0600
0600
The file mode set when creating "path".
Default: 60
60
After "expire_days" days, generate a new secret and add it to the front of the list.
Default: 3
3
The secrets list will be pruned to this size as it is rotated.
Default: Mojolicious::Plugin::AutoSecrets::generator
Mojolicious::Plugin::AutoSecrets::generator
Allows specifying a code ref that will be invoked with no arguments to generate a new secret when necessary.
Mojolicious::Plugin::AutoSecrets inherits all methods and attributes from Mojolicious::Plugin and implements the following.
$plugin->register(Mojolicious->new);
Register plugin in Mojolicious application. Upon registration, this plugin will generate, and store and rotate if necessary, secrets for the application. An optional config hashref may tweak behavior, see "OVERVIEW".
If there are secrets already set at the time register executes, those secrets will not be stored as managed secrets in "path", and managed secrets will be placed before existing secrets. This should make it easy to move to or from AutoSecrets.
The default secret generator, using Session::Token
Mojolicious
Mojolicious::Sessions
"signed_cookie" in Mojolicious::Controller
Meredith Howard <mhoward@cpan.org>
This software is copyright (c) 2019 by Meredith Howard.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
To install Mojolicious::Plugin::AutoSecrets, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Mojolicious::Plugin::AutoSecrets
CPAN shell
perl -MCPAN -e shell install Mojolicious::Plugin::AutoSecrets
For more information on module installation, please visit the detailed CPAN module installation guide.