I wanted to utilize Koa's secure so that generated cookies were only sent over HTTPS, but the readme was somewhat unclear whether this was supported.

It looks like all options given in the module's configuration are passed to Koa's ctx.cookies.set method, so setting this flag is already possible, but it would be helpful to add secure to the CONFIG example given in the readme.

Thanks!

Yes, this would have been very useful for me too.