Description
Is there an existing issue for this?
- I have searched the existing issues
Is your feature request related to a problem? Please describe the problem.
When multiple app instances consume the same keyring, they all try to rotate it, leading to races. We should have a mode where they only read the keyring and some other component updates it uncontestedly.
Describe the solution you'd like
It would be nice if this could be configured on the app author's behalf, the way single-instance data protection is now (i.e. the default configuration if you enable anti-forgery, auth tokens, etc). One easy way to accomplish that would be to make it settable via IConfiguration, so that an orchestrator could simply set an environment variable when launching the process/container.
The complexity of exposing all of data protection via IConfiguration is probably not justified (yet). Instead, I think we want two things:
- A configuration setting that gives a path to a read-only keyring
- The ability to specify in code that keyring access should be read-only
Additional context
This basically amounts to disabling automatic key-generation. As a nicety, we could also stub out write access to the keyring to make it log/throw if it happens.
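One way to approximate the requested mode with the existing data protection APIs, as an added example that is not part of the original issue or the project's own code: automatic key generation is turned off and the keyring is read through a repository whose write path throws. The setting name `DataProtection:ReadOnlyKeyRingPath` and the `ReadOnlyXmlRepository` class are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Xml.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.AspNetCore.DataProtection.Repositories;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical setting name (an assumption, not an official key). An orchestrator
// could supply it as the environment variable DataProtection__ReadOnlyKeyRingPath.
var keyRingPath = builder.Configuration["DataProtection:ReadOnlyKeyRingPath"];
if (!string.IsNullOrEmpty(keyRingPath))
{
    // This instance never creates or rotates keys; another component owns that.
    builder.Services.AddDataProtection().DisableAutomaticKeyGeneration();
    builder.Services.Configure<KeyManagementOptions>(o =>
        o.XmlRepository = new ReadOnlyXmlRepository(new DirectoryInfo(keyRingPath)));
}

var app = builder.Build();
app.MapGet("/", (IDataProtectionProvider p) =>
    p.CreateProtector("demo").Protect("hello"));
app.Run();

// Hypothetical repository: reads key XML files from a directory, rejects writes.
sealed class ReadOnlyXmlRepository : IXmlRepository
{
    private readonly DirectoryInfo _dir;
    public ReadOnlyXmlRepository(DirectoryInfo dir) => _dir = dir;

    // Re-read the directory on every call so keys added by the writer are seen
    // when the key ring cache refreshes.
    public IReadOnlyCollection<XElement> GetAllElements() =>
        _dir.EnumerateFiles("*.xml")
            .Select(f => XElement.Load(f.FullName))
            .ToList();

    // Key creation and revocation both go through StoreElement, so either
    // fails loudly here instead of racing with the component that owns the ring.
    public void StoreElement(XElement element, string friendlyName) =>
        throw new InvalidOperationException(
            $"Key ring '{_dir.FullName}' is read-only; refusing to store '{friendlyName}'.");
}
```

With key generation disabled, protect operations fail if the directory holds no usable key, so the component that writes the keyring has to publish a key before readers start and should mount the directory read-only for them.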