When using ActiveSupport::MessageVerifier#rotate it’s not possible to know if a rotated key is still in use.
As an example, if we need to change a key because it was leaked, we need to know when we can remove the leaked one completely.
I have 3 different suggestions for that:
1. change the method MessageVerifier#verify to return an object to encapsulate the value and the key (truncated) that was used. The downside of this approach is to break compatibility with the current version
2. almost the same as 1) but using an extra option in the method verify to enable this behaviour
3. ActiveSupport::Notifications to report that
With this information (which key was used), it would be possible to create a counter metric to measure that.
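
A sketch of what suggestions 1 and the counter metric could look like together, added here as an example and not Rails code: a stand-in HMAC verifier (not ActiveSupport::MessageVerifier) whose verify returns the value plus a truncated key fingerprint and counts successful verifications per key. The names TrackingVerifier, Result, key_id and usage, and the sample keys, are assumptions made for illustration.

```ruby
require "openssl"

# Stand-in rotating verifier (not ActiveSupport's): reports which key verified.
class TrackingVerifier
  Result = Struct.new(:value, :key_id)
  attr_reader :usage

  # keys: current signing key first, then rotated-out keys still accepted.
  def initialize(*keys)
    @keys = keys
    @usage = Hash.new(0) # counter metric: key_id => successful verifications
  end

  # Truncated fingerprint of a key: safe to log, unlike the key itself.
  def key_id(key)
    OpenSSL::Digest.new("SHA256").hexdigest(key)[0, 8]
  end

  def generate(value, key = @keys.first)
    data = [value].pack("m0") # strict Base64
    "#{data}--#{sign(data, key)}"
  end

  # Returns Result(value, key_id), or nil when no configured key matches.
  def verify(message)
    data, digest = message.to_s.split("--", 2)
    return nil if data.nil? || digest.nil?
    key = @keys.find { |k| secure_eq?(sign(data, k), digest) }
    return nil unless key
    @usage[key_id(key)] += 1
    Result.new(data.unpack1("m0"), key_id(key))
  end

  private

  def sign(data, key)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), key, data)
  end

  # Constant-time comparison for equal-length strings.
  def secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  v = TrackingVerifier.new("new-key-constructed", "leaked-key-constructed")
  v.verify(v.generate("session=42", "leaked-key-constructed")) # pre-rotation token
  v.verify(v.generate("session=43"))                            # post-rotation token
  p v.usage # the leaked key can be dropped once its counter stays at zero
end
```

Exporting the usage counter per key_id over the lifetime of the longest-lived signed message shows when the leaked key has stopped verifying anything and can be removed from the rotation list.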