Hacker News new | past | comments | ask | show | jobs | submit login

Neat idea.

I’m afraid you won’t be able to ever rotate that key, would you? Since it’s result is externally used as an identifier, you would have to rotate the external identifiers, too.




Assuming you have a table where the identifiers are stored you'd have the internal one (UUIDv7) and the encrypted version from it (external id).

You could rotate encryption keys whenever you want for new external id calculation, so that older external ids won't change (as they are external, they need to stay immutable).


If you're storing the identifiers then you don't need encryption, you just generate a UUIDv4 and use that as the external identifier. And then we're back at where the blog post started.


I think you could but it would further complicate the id scheme (would need some sort of a version mask to facilitate a rotation window).


What is the use case for rotating uuids? Aren’t they immutable?


i think they meant rotating the encryption key not the internal uuids




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: