google / exposure-notifications-verification-server

Verification component for COVID-19 Exposure Notifications.


Proposal: automatically rotate verification token keys

mikehelmick opened this issue · comments

TL;DR

Currently, specific token signing key versions are managed through terraform.
While the ENV VAR accepts a list, allowing for human-scale rotation, it would be better to automate this.

Design

Proposal

Change TokenSigningConfig to accept a key and not a key version. For backwards compatibility, accepting a key version and normalizing it back to the key would be good.

Introduce DB table to track token signing key rotation.

Periodically rotate the signing key.

  1. Introduce and start using key version n+1
  2. Wait > 24 hours (how long verification tokens are valid for)
  3. Destroy key version n

Alternatives considered

Manual rotation via manual version creation and terraform config update.

The downside is that this is a human process and prone to forgetfulness and errors.
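As an added illustration of the proposed schedule (example code, not from the issue or the project), the Go sketch below keeps a ring of key versions in which the newest version signs, every retained version still verifies, and a superseded version is destroyed only once its successor has been live for longer than the 24-hour token validity, since that is when the last token it could have signed expires. The `keyRing`/`keyVersion` names and the use of P-256 keys are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"time"
)

// tokenTTL is how long a verification token stays valid (24h per the issue).
const tokenTTL = 24 * time.Hour
// keyVersion is one row of the proposed rotation-tracking table (assumed shape).
type keyVersion struct {
	Version   int
	Key       *ecdsa.PrivateKey
	CreatedAt time.Time
}
// keyRing holds every live version: the newest signs, all of them still verify.
type keyRing struct {
	versions []keyVersion
	next     int
}

// rotate introduces version n+1 and starts signing with it at once (step 1).
func (r *keyRing) rotate(now time.Time) error {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	r.next++
	r.versions = append(r.versions, keyVersion{Version: r.next, Key: k, CreatedAt: now})
	return nil
}

// active returns the version that signs new tokens; verifiers accept any retained one.
func (r *keyRing) active() keyVersion { return r.versions[len(r.versions)-1] }

// prune destroys a version only once its successor has been live for more than
// tokenTTL, so none of its tokens can still be valid (steps 2 and 3); the newest
// version has no successor and is always kept. Returns the destroyed versions.
func (r *keyRing) prune(now time.Time) (destroyed []int) {
	kept := r.versions[:0] // filter in place; writes never overtake reads
	for i, v := range r.versions {
		if i+1 < len(r.versions) && now.Sub(r.versions[i+1].CreatedAt) > tokenTTL {
			destroyed = append(destroyed, v.Version)
		} else {
			kept = append(kept, v)
		}
	}
	r.versions = kept
	return destroyed
}
```

Note that the wait is measured from the successor's creation time, not from the old key's own age, because the old key keeps signing right up to the moment the new version goes live.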