Master secret key to validate JWT Token


To validate the JWT token, jwt plugins decode the token to get the key and then read the secret key mapped to it from cache/database.

We have a use case where one consumer have 52 million credentials(52 million records in the jwt_secrets table against one consumer) and this still growing.

For this size of large-scale, having the different secret per key would be ineffective for JWT validation.

Is there any way like having a single master secret key to validate all the jwt tokens or at least tokens issued for one consumer. Is this practical?