HMAC plugin - key rotation & encrypt secret possible out-of-the-box?

Hi to all,

Two questions about HMAC plugin by KONG.

1. How does the HMAC plugin rotate secrets?

In the HMAC rfc2104 document, section 3, there is a sentence about the keys in HMAC:

…periodic key refreshment is a fundamental security practice that helps against potential weaknesses…

https://datatracker.ietf.org/doc/html/rfc2104#section-3

How does the HMAC plugin provided by KONG ensure this?

The implementation of this plugin does not seem to meet this requirement, unless I have a misunderstanding of the descriptions in the documentation.

2. Does the HMAC plugin provide encryption of the secret column in the database?

https://github.com/Kong/kong/blob/master/kong/plugins/hmac-auth/migrations/000_base_hmac_auth.lua

In the table “hmacauth_credentials”, the column “secret” holds the value, using the type “text”. Is there any mechanism to encrypt this field ?

I will be grateful for your help.

Greetings,

Paul