Skip to content

Issuer key auto-update fails to register keys present before startup #3499

Open
Open
Issuer key auto-update fails to register keys present before startup#3499
Assignees
h2zh
Labels
bugSomething isn't workingcacheIssue relating to the cache componentoriginIssue relating to the origin componentsecurity
Milestone
v7.27
@h2zh

Description

@h2zh
h2zh
opened on Jun 3, 2026

The integration team found two gaps in the issuer-key auto-update mechanism that leave the registry's stored JWKS out of sync with the keys an origin actually holds:

  1. Keys present at startup are never advertised. If a second key file already exists in the issuer-keys directory before the Pelican process starts, only the first (active) key gets registered. The second key is never pushed to the registry.
  2. Issuer key auto-update never runs on Caches #3505

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingcacheIssue relating to the cache componentoriginIssue relating to the origin componentsecurity

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions