The docs on SECRET_KEY and SECRET_KEY_FALLBACKS seem to indicate that the way to rotate this key is to generate a new one, and add the old one to SECRET_KEY_FALLBACKS for some period of time. This feels problematic to me in a distributed environment where the server has many instances running - I wanted to clarify if my thinking is correct.
If I generate a new SECRET_KEY & roll it out incrementally - a few instances of my service at a time - sessions which use that new SECRET_KEY - the login happened on a newer instance - will fail if subsequent requests attempt to be handled on the older instances.
It feels to me like the process needs to be
- Generate the new key
- Add the new key as a FALLBACK and roll out to all instances
- Move the new key to SECRET_KEY and the old key to FALLBACK.
- Roll that out incrementally
- Delete the FALLBACK
Posting mostly to see if my understanding is correct.
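
The rollout states described in the post above, modelled as an added example that is not part of the original post and is not Django's code. It assumes a simplified signer (HMAC-SHA256 standing in for Django's signing, which verifies against SECRET_KEY and then each entry of SECRET_KEY_FALLBACKS); the `Instance` class and key strings are constructed for illustration.

```python
import hashlib
import hmac


class Instance:
    """One app server: signs with secret_key, verifies with secret_key + fallbacks."""

    def __init__(self, secret_key, fallbacks=()):
        self.secret_key = secret_key
        self.fallbacks = list(fallbacks)

    @staticmethod
    def _mac(key, value):
        return hmac.new(key.encode(), value.encode(), hashlib.sha256).hexdigest()

    def sign(self, value):
        return f"{value}:{self._mac(self.secret_key, value)}"

    def verify(self, token):
        value, _, sig = token.rpartition(":")
        keys = [self.secret_key, *self.fallbacks]
        return any(hmac.compare_digest(sig, self._mac(k, value)) for k in keys)


def cross_instance_failures(fleet):
    """Count (signer, verifier) pairs where a token signed by one instance
    is rejected by another instance in the same mixed fleet."""
    return sum(not v.verify(s.sign("session=abc")) for s in fleet for v in fleet)


OLD, NEW = "old-key-constructed", "new-key-constructed"  # constructed sample keys


def naive_rollout():
    # Mid-rollout: one instance already on NEW (OLD as fallback), one still OLD only.
    return cross_instance_failures([Instance(NEW, [OLD]), Instance(OLD)])


def staged_rollout():
    # Mixed fleets that exist while each rollout step of the list above is in progress.
    add_fallback = [Instance(OLD, [NEW]), Instance(OLD)]        # new key as fallback
    swap_keys = [Instance(NEW, [OLD]), Instance(OLD, [NEW])]    # incremental swap
    drop_fallback = [Instance(NEW), Instance(NEW, [OLD])]       # deleting the fallback
    return [cross_instance_failures(f) for f in (add_fallback, swap_keys, drop_fallback)]


if __name__ == "__main__":
    print("naive rollout failures:", naive_rollout())
    print("staged rollout failures per step:", staged_rollout())
```

The model only checks tokens signed by instances currently in the fleet; tokens signed with the old key before the final step stop verifying once the fallback is removed.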