Description
Is there an existing issue for this?
- I have searched the existing issues
Is your feature request related to a problem? Please describe the problem.
Same as #52915. We want to separate keyring reads from keyring writes to avoid races when there are multiple consumers. If we make consumers read-only, we need a dedicated writer to ensure there's an active key in a newly-created keyring and an unexpired key in an existing one.
Describe the solution you'd like
We could make a simple command-line executable that can be run either periodically or on a dynamic schedule. It needs only basic data protection functionality:
- Read the existing keyring, if any
- Generate a new key if there isn't one or if the active one is near/past expiration
- Revoke all keys (we probably don't want to deal with the complexity of specifying particular keys to revoke)
- Delete long-unused keys to avoid unbounded keyring growth
- Output the next time it should be run (if it's not going to happen on a fixed cadence)
Additional context
For compatibility, this component basically has to consume the existing Data Protection APIs. That effectively locks us to C#, but our Data Protection usage should be simple enough to allow AOT for consumers that don't have a CLR available.
We probably don't want to expose an API for all the possible storage locations of the keyring, so it will probably just be a path.
It's not yet clear whether this will be a reusable component or merely a sample/template that can be customized per-application.
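As an added illustration of the five operations listed above (not code from the issue author or from the aspnetcore repo), here is a minimal console "key ring writer" built only on the public Data Protection APIs. It assumes the key ring is a file-system repository whose directory is passed as the first argument, that keys use the default 90-day lifetime, and that `IDeletableKeyManager` (available in .NET 9 and later) is present for pruning; the 14-day lead time, 180-day retention window, the `--revoke-all` flag and the `next-run` output line are illustrative choices, not anything the issue specifies.

```csharp
// Added example: a single-writer "key ring writer" for ASP.NET Core Data Protection.
// Assumptions (not from the issue): file-system key ring at args[0], default 90-day key
// lifetime, IDeletableKeyManager (.NET 9+) for deletion, illustrative thresholds below.
using System;
using System.IO;
using System.Linq;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.Extensions.DependencyInjection;

static class KeyRingWriter
{
    // Create a replacement key this long before the current key expires (illustrative).
    static readonly TimeSpan NewKeyLeadTime = TimeSpan.FromDays(14);
    // Delete keys that have been expired for longer than this (illustrative).
    static readonly TimeSpan Retention = TimeSpan.FromDays(180);
    static readonly TimeSpan DefaultKeyLifetime = TimeSpan.FromDays(90);

    static int Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("usage: keyringwriter <keyring-dir> [--revoke-all]");
            return 2;
        }
        var keyRingDir = new DirectoryInfo(args[0]);
        var revokeAll = args.Contains("--revoke-all");

        // Only this process registers a writable key manager; consumers stay read-only.
        var services = new ServiceCollection();
        services.AddDataProtection()
                .PersistKeysToFileSystem(keyRingDir)
                .SetDefaultKeyLifetime(DefaultKeyLifetime);
        using var provider = services.BuildServiceProvider();
        var keyManager = provider.GetRequiredService<IKeyManager>();
        var now = DateTimeOffset.UtcNow;

        // Revoke all keys (the issue deliberately avoids per-key revocation).
        if (revokeAll)
        {
            keyManager.RevokeAllKeys(now, "revoked by keyring writer");
        }

        // Read the existing key ring, if any.
        var keys = keyManager.GetAllKeys();

        // The unrevoked key that remains usable furthest into the future.
        var best = keys.Where(k => !k.IsRevoked)
                       .OrderByDescending(k => k.ExpirationDate)
                       .FirstOrDefault();

        // Generate a new key if none is usable or the best one is near/past expiration.
        if (best == null || best.ExpirationDate - now <= NewKeyLeadTime)
        {
            // Activate immediately when nothing usable exists; otherwise activate when the
            // current key expires so consumers always see a contiguous active key.
            var activation = (best == null || best.ExpirationDate <= now) ? now : best.ExpirationDate;
            var created = keyManager.CreateNewKey(activation, activation + DefaultKeyLifetime);
            Console.WriteLine($"created key {created.KeyId} active {activation:u} until {created.ExpirationDate:u}");
            best = created;
        }

        // Delete long-expired keys so the key ring does not grow without bound.
        if (keyManager is IDeletableKeyManager deletable && deletable.CanDeleteKeys)
        {
            var cutoff = now - Retention;
            deletable.DeleteKeys(k => k.ExpirationDate < cutoff);
        }

        // Output the next time this writer should run: the lead time before the latest key expires.
        var nextRun = best.ExpirationDate - NewKeyLeadTime;
        if (nextRun < now) nextRun = now;
        Console.WriteLine($"next-run {nextRun:u}");
        return 0;
    }
}
```

Deleting only by expiration date means a revoked key is kept until its original expiration plus the retention window; `IKey` does not expose a revocation timestamp, so that is the conservative choice. Pruning also silently does nothing on a repository that reports `CanDeleteKeys == false`, which a real tool would want to surface rather than ignore.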