Description
The current tests verify encryption and decryption using a single static NEXTAUTH_SECRET, but do not validate behavior when secrets change.
Problem
Applications may rotate encryption keys during deployments.
Existing encrypted data may become unreadable.
Failure behavior is not documented or tested.
Proposed Solution
Add tests that encrypt with one secret and attempt decryption with another.
Verify proper error handling and failure messages.
Document expected behavior for secret rotation scenarios.
Expected Outcome
Better understanding of key rotation impacts and safer deployment practices.
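An added example of the checks proposed above, not the project's own code or test suite: it encrypts under one secret, confirms decryption under a different secret fails closed, and goes one step further by showing a fallback that tries the previous secret after a rotation. The function names, the AES-256-GCM with HKDF scheme and the secret values are assumptions standing in for the project's real helpers.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: HKDF-SHA256 stands in for however the project derives a key from NEXTAUTH_SECRET.
function deriveKey(secret) {
  const okm = nodeCrypto.hkdfSync("sha256", Buffer.from(secret, "utf8"), Buffer.alloc(0), "example-field-encryption", 32);
  return Buffer.from(okm);
}

// Hypothetical helper: output is base64(iv[12] || tag[16] || ciphertext).
function encryptWithSecret(plaintext, secret) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

// Throws when the GCM tag does not verify (wrong secret or modified ciphertext).
function decryptWithSecret(token, secret) {
  const raw = Buffer.from(token, "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(secret), raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Rotation-aware read: try the current secret first, then older ones.
// secretIndex > 0 tells the caller the record should be re-encrypted under secrets[0].
function decryptWithRotation(token, secrets) {
  for (let i = 0; i < secrets.length; i++) {
    try {
      return { plaintext: decryptWithSecret(token, secrets[i]), secretIndex: i };
    } catch (err) {
      // Authentication failed under this secret; fall through to the next one.
    }
  }
  throw new Error("decryption failed: no configured secret matches this ciphertext");
}

// The scenarios from the proposal, using constructed secrets and a constructed value.
function runRotationChecks() {
  const OLD = "constructed-old-secret";
  const NEW = "constructed-new-secret";
  const token = encryptWithSecret("constructed-stored-value", OLD);
  let wrongSecretError = null;
  try { decryptWithSecret(token, NEW); } catch (err) { wrongSecretError = err; }
  return {
    sameSecret: decryptWithSecret(token, OLD),
    wrongSecretFailed: wrongSecretError !== null,
    rotated: decryptWithRotation(token, [NEW, OLD]),
  };
}
```

Because GCM authenticates the ciphertext, a mismatched secret surfaces as a thrown error rather than as garbage plaintext, which is the property a rotation test should pin down.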