/** * The keys required to sign and encrypt the JWT in their raw form for storage in a secure secrets * database (such as AWS Secrets Manager) for later parsing by {@link parseJwtKeys}. * * These keys should be kept secret and never shared with any frontend, client, etc. * * @category Internal */ export type RawJwtKeys = Readonly<{ encryptionKey: string; signingKey: string; }>; /** * The keys required to sign and encrypt the JWT. * * These keys should be kept secret and never shared with any frontend, client, etc. * * @category Internal */ export type JwtKeys = Readonly<{ /** * Encryption key for JWTs. This is a Uint8Array because `EncryptJWT.encrypt` does not support * `CryptoKey` for our chosen encryption algorithm. */ encryptionKey: Readonly; /** Signing key for JWTs. */ signingKey: Readonly; }>; /** * Generate fresh and serialized JWT signing and encryption keys. These should be stored in a secure * secrets database (such as AWS Secrets Manager) for later parsing by {@link parseJwtKeys}. * * These keys should be kept secret and never shared with any frontend, client, etc. * * @category Keys */ export declare function generateNewJwtKeys(): Promise; /** * Parses an instance of {@link RawJwtKeys} and produces the final {@link JwtKeys} object required by * all authentication functionality. * * @category Keys */ export declare function parseJwtKeys(rawKeys: Readonly): Promise>;