Graphorin API reference v0.1.0
Graphorin API reference / @graphorin/security / / rotatePepper
Function: rotatePepper()
ts
function rotatePepper(options): Promise<{
skipped: number;
updated: number;
}>;Defined in: packages/security/src/auth/crud.ts:194
Re-HMAC every token row with a new pepper. The previous pepper is required to derive the per-row plaintext via re-hashing — the function therefore only supports the rolling-deployment use case where the framework still holds the old pepper at the time of rotation.
The store update is per-row; the caller is responsible for running the helper inside an outer transaction when atomicity matters.
Returns the number of rows the helper would update; when dryRun: true the store is not touched.
Parameters
| Parameter | Type |
|---|---|
options | { dryRun?: boolean; newPepper: SecretValue; oldHashLookup: (id) => Promise<string | null>; recomputeHash: (id, oldHashHex) => Promise<string | null>; tokenStore: AuthTokenStore; } |
options.dryRun? | boolean |
options.newPepper | SecretValue |
options.oldHashLookup | (id) => Promise<string | null> |
options.recomputeHash | (id, oldHashHex) => Promise<string | null> |
options.tokenStore | AuthTokenStore |
Returns
Promise<{ skipped: number; updated: number; }>