Secure Link Md5 with Primary and Secondary Secret

Francis Daly francis at
Tue Jun 12 17:22:26 UTC 2018

On Tue, Jun 12, 2018 at 08:09:18AM -0400, anish10dec wrote:

Hi there,

> There is requirement for token authentication using two secret key i.e
> primary and secondary secret for location block.

If this is the same scenario as in,275668 and in,278063 then I'm pretty sure that the
answer is the same as those times.

> If token with first secret gives 405, then to generate the token with second
> secret to allow the request.

There is a suggested untested config in an earlier response. Does it
work for you?

> This is required for changing the Secret Key in production on server so that
> partial user will be allowed with old secret and some with new secret for
> meanwhile till secret is updated on all servers and client.

If the client knows it, it's not a secret.

Francis Daly        francis at

More information about the nginx mailing list