Note that the following issues will result for updating the SECRET_KEY
Ephemeral tokens generated with the original secret key, say, for password resets or mailing list unsubscribe, will be invalid.
Users will be logged out as their sessions IDs will be invalid
Hashed tracking IDs in logs generated prior to the update will have a different obfuscated session id. This is less important because of item 2.
The obscured ids used in proctoring will also change. This impacts Proctortrack proctored learners directly. After the secrets change, the learner who user the old secret to establish their onboarding profile will fail graded exams because new user_id does not find the right onboarding profile. In MST-637 we changed proctoring to use a different non-rotatable key, and MST-639 covers making this new secret rotatable.
MFEs that don’t properly handle auth endpoints suddenly requiring re-auth will see a spike in JS errors until users have logged back into the LMS.