Master secret key to validate JWT Token


#1

To validate the JWT token, JWT plugins decode the token to get the key and then read the secret key mapped to it from the cache/database.

We have a use case where one consumer has 52 million credentials (52 million records in the jwt_secrets table against one consumer), and this is still growing.

At this large a scale, having a different secret per key would be ineffective for JWT validation.

Is there any way, such as having a single master secret key, to validate all the JWT tokens, or at least the tokens issued for one consumer? Is this practical?
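
The lookup flow described in the post, sketched as an added example that is not part of the original post and is not the plugin's own code. Assumptions: HS256 signatures, the key carried in the `iss` claim, and a dict standing in for the cache/database; all function names and sample values are constructed.

```python
import base64, hashlib, hmac, json

# Constructed sample data: a dict stands in for the credential cache/database.
SECRETS = {"key-a": b"secret-for-key-a", "key-b": b"secret-for-key-b"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a token (helper for this example only)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(mac(secret, header + '.' + payload))}"

def validate(token, secrets=SECRETS, key_claim="iss"):
    """Return the claims if the signature verifies, else None.
    Expiry and other claim checks are left out of this sketch."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))  # untrusted until verified
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError, AttributeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # pin the algorithm, do not follow the header
        return None
    key = claims.get(key_claim)       # the unverified key only selects a secret
    secret = secrets.get(key) if isinstance(key, str) else None
    if secret is None:
        return None
    expected = mac(secret, header_b64 + "." + payload_b64)
    return claims if hmac.compare_digest(sig, expected) else None
```

In this sketch the stored record is selected by the key, not by the individual token, so any number of tokens carrying the same key verify against one record.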