HMAC plugin - key rotation & encrypt secret possible out-of-the-box?

Hi to all,

Two questions about HMAC plugin by KONG.

1. How does the HMAC plugin rotate secrets?

In the HMAC rfc2104 document, section 3, there is a sentence about the keys in HMAC:

…periodic key refreshment is a fundamental security practice that helps against potential weaknesses…

How does the HMAC plugin provided by KONG ensure this?

The implementation of this plugin does not seem to meet this requirement, unless I have a misunderstanding of the descriptions in the documentation.

2. Does the HMAC plugin provide encryption of the secret column in the database?

In the table “hmacauth_credentials”, the column “secret” holds the value, using the type “text”. Is there any mechanism to encrypt this field ?

I will be grateful for your help.