yes, the only case it could work with unnecessary complexity is where you use a remote signer, each client maintains state locally, and you remove a client in this case you can also do the following which is easier: rotate the secret used for encryption