Rotating the JSON web token (JWT) secret
The API tokens and the login tokens in Unravel are JSON web tokens (JWT). The JWT secret, which is used to sign these tokens, should be rotated periodically to increase security. Rotating the JWT secret helps guard against compromise of the secret.
To rotate the JWT secret, do the following:
Stop Unravel.
<Unravel installation directory>/unravel/manager stop
Run the following command:
<Unravel installation directory>/unravel/manager support reset-jwt-key
Note
Existing API and login tokens are automatically invalidated after you run this command.
Apply the changes.
<Unravel installation directory>/unravel/manager config apply
Start Unravel.
<Unravel installation directory>/unravel/manager start
Tip
Unravel recommends rotating the JWT secret every six months.