NAME

    Mojolicious::Plugin::AutoSecrets - Automatic, Rotating Mojolicious
    Secrets

SYNOPSIS

      # Mojolicious
      $self->plugin('AutoSecrets');
    
      $self->plugin('AutoSecrets' => {path => '/my/favorite/hiding/spot'});
    
      # Mojolicious::Lite
      plugin 'AutoSecrets';

DESCRIPTION

    Mojolicious::Plugin::AutoSecrets is a Mojolicious plugin that takes
    care of generating, storing, and rotating your "secrets" in
    Mojolicious.

 WARNING

    Secrets are used to ensure integrity and trust Mojolicious default
    session cookies. Letting code manage them means that code becomes part
    of your security. Read this documentation and review this code!

    Take it from me, never trust a programmer.

OVERVIEW

    Mojolicious::Plugin::AutoSecrets requires no configuration, but does
    support a few options:

 path

    Default: .mojo-secrets in "home" in Mojolicious

    Accepts any file path for storing secrets and checking age. It will be
    created if it doesn't exist.

 mode

    Default: 0600

    The file mode set when creating "path".

 expire_days

    Default: 60

    After "expire_days" days, generate a new secret and add it to the front
    of the list.

 prune

    Default: 3

    The secrets list will be pruned to this size as it is rotated.

 generator

    Default: Mojolicious::Plugin::AutoSecrets::generator

    Allows specifying a code ref that will be invoked with no arguments to
    generate a new secret when necessary.

INHERITANCE

    Mojolicious::Plugin::AutoSecrets inherits all methods and attributes
    from Mojolicious::Plugin and implements the following.

METHODS

 register

      $plugin->register(Mojolicious->new);

    Register plugin in Mojolicious application. Upon registration, this
    plugin will generate, and store and rotate if necessary, secrets for
    the application. An optional config hashref may tweak behavior, see
    "OVERVIEW".

    If there are secrets already set at the time register executes, those
    secrets will not be stored as managed secrets in "path", and managed
    secrets will be placed before existing secrets. This should make it
    easy to move to or from AutoSecrets.

FUNCTIONS

 generator

    The default secret generator, using Session::Token

SEE ALSO

      * Mojolicious

      * Mojolicious::Sessions

      * "signed_cookie" in Mojolicious::Controller

AUTHOR

    Meredith Howard <mhoward@cpan.org>

COPYRIGHT AND LICENSE

    This software is copyright (c) 2018 by Meredith Howard.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.