这个问题仍未解决,有一个元问题(meta issue)汇总了该主题下其他尚未解决的问题:
https://github.com/dotnet/aspnetcore/issues/36157
我遇到了同样的问题,不过我的环境不是 Pod,而是 AWS Lambda 函数。
我通过禁用自动密钥生成解决了该问题:
// With automatic generation off, the application no longer mints keys itself:
// KeyringUpdater (below) is the only thing that adds keys to the ring, so it must keep running.
services.AddDataProtection()
.DisableAutomaticKeyGeneration()
并自行管理密钥。我始终至少保留两个密钥:
- 默认密钥:激活后 190 天到期,在前 180 天内作为默认密钥使用。
- 下一个密钥:在当前默认密钥到期前 10 天激活,激活后 190 天到期,并在接下来的 180 天内成为默认密钥。
下面是我在部署 Lambda 函数之前执行、之后每月执行一次的代码:
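/// <summary>
/// Keeps the Data Protection key ring usable when automatic key generation has been
/// disabled (<c>DisableAutomaticKeyGeneration()</c>): it makes sure a currently valid
/// default key exists and that its successor is already provisioned, so the application
/// never reaches a point where no active key is available.
/// </summary>
public class KeyringUpdater
{
    /// <summary>Lifetime of every key this class creates, measured from its activation date.</summary>
    private const int KeyLifetimeDays = 190;

    /// <summary>
    /// Number of days before the current default key expires at which its successor becomes
    /// active. Both keys are valid during this window — presumably so the new key has reached
    /// every instance before the old one expires (confirm against the deployment's propagation needs).
    /// </summary>
    private const int OverlapDays = 10;

    private readonly ILogger<KeyringUpdater> logger;
    private readonly IKeyManager keyManager;

    /// <param name="keyManager">Key manager backing the Data Protection key ring.</param>
    /// <param name="logger">Logger used to record what the run found and created.</param>
    /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
    public KeyringUpdater(IKeyManager keyManager, ILogger<KeyringUpdater> logger)
    {
        this.keyManager = keyManager ?? throw new ArgumentNullException(nameof(keyManager));
        this.logger = logger ?? throw new ArgumentNullException(nameof(logger));
    }

    /// <summary>
    /// Returns the key that should currently count as default: the most recently activated
    /// key that is active at <paramref name="now"/>, not yet expired and not revoked.
    /// Ordering by activation date makes the choice deterministic when two keys overlap
    /// (the <see cref="OverlapDays"/> window) instead of depending on enumeration order,
    /// and matches the built-in resolver's preference for the newest activated key.
    /// </summary>
    private static IKey? GetDefaultKey(IReadOnlyCollection<IKey> keys, DateTimeOffset now)
    {
        return keys
            .Where(x => x.ActivationDate <= now && x.ExpirationDate > now && !x.IsRevoked)
            .OrderByDescending(x => x.ActivationDate)
            .FirstOrDefault();
    }

    /// <summary>
    /// Returns the successor of <paramref name="key"/>: a non-revoked key that activates
    /// while <paramref name="key"/> is still valid and expires after it. Among several
    /// candidates the earliest-activating one is chosen, again for determinism.
    /// </summary>
    private static IKey? GetNextKey(IReadOnlyCollection<IKey> keys, IKey key)
    {
        return keys
            .Where(x => x.ActivationDate > key.ActivationDate
                        && x.ActivationDate < key.ExpirationDate
                        && x.ExpirationDate > key.ExpirationDate
                        && !x.IsRevoked)
            .OrderBy(x => x.ActivationDate)
            .FirstOrDefault();
    }

    /// <summary>
    /// Ensures a default key and its successor exist, creating whichever is missing.
    /// Intended to run before deployment and then periodically (monthly in the original
    /// setup); a run that finds both keys present changes nothing.
    /// </summary>
    public void Update()
    {
        // One timestamp for the whole run so "active now" is evaluated consistently.
        var now = DateTimeOffset.UtcNow;

        var keys = this.keyManager.GetAllKeys();
        logger.LogInformation("Found {Count} keys", keys.Count);

        var defaultKey = GetDefaultKey(keys, now);
        if (defaultKey is null)
        {
            logger.LogInformation("No default key found");
            defaultKey = this.keyManager.CreateNewKey(now, now.AddDays(KeyLifetimeDays));
            logger.LogInformation("Default key created. ActivationDate: {ActivationDate}, ExpirationDate: {ExpirationDate}", defaultKey.ActivationDate, defaultKey.ExpirationDate);
            // Re-read so the successor search below sees the key ring as persisted.
            keys = this.keyManager.GetAllKeys();
        }
        else
        {
            logger.LogInformation("Found default key. ActivationDate: {ActivationDate}, ExpirationDate: {ExpirationDate}", defaultKey.ActivationDate, defaultKey.ExpirationDate);
        }

        var nextKey = GetNextKey(keys, defaultKey);
        if (nextKey is null)
        {
            logger.LogInformation("No next key found");
            // The successor activates OverlapDays before the default key expires and lives
            // KeyLifetimeDays from then, i.e. it expires 180 days after the default key does.
            var activation = defaultKey.ExpirationDate.AddDays(-OverlapDays);
            nextKey = this.keyManager.CreateNewKey(activation, activation.AddDays(KeyLifetimeDays));
            logger.LogInformation("Next key created. ActivationDate: {ActivationDate}, ExpirationDate: {ExpirationDate}", nextKey.ActivationDate, nextKey.ExpirationDate);
        }
        else
        {
            logger.LogInformation("Found next key. ActivationDate: {ActivationDate}, ExpirationDate: {ExpirationDate}", nextKey.ActivationDate, nextKey.ExpirationDate);
        }
    }
}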