Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow pause time after key sources have been updated #10

Open
eversC opened this issue Feb 1, 2019 · 3 comments
Open

Allow pause time after key sources have been updated #10

eversC opened this issue Feb 1, 2019 · 3 comments
Labels
question Further information is requested

Comments

@eversC
Copy link
Collaborator

eversC commented Feb 1, 2019

....in case users want to bail out of the key deletion.
@eversC eversC added the question Further information is requested label Feb 6, 2019
@eversC eversC closed this as completed Oct 15, 2019
@eversC eversC reopened this Apr 2, 2020
@eversC
Copy link
Collaborator Author

eversC commented Apr 2, 2020

Could also help applications that use the key to react to it being changed

@eversC
Copy link
Collaborator Author

eversC commented Apr 3, 2020

This would need to be configurable, on the location level

@kkonstan-ovo
Copy link

A grace period during which both old and new keys are valid would also fix an issue with jobs running on CircleCI during key rotations.

With the current implementation any CircleCI jobs running during a key rotation will end up with invalid keys at some point during their execution as these are injected as environment variables when they're started.

Here's one example where terraform apply failed to upload state to S3 due to this:
https://ovotech.atlassian.net/browse/PSRE-436

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eversC @kkonstan-ovo