API Key Rotation Without Downtime
Dual-key validation window, gradual client migration, and the revocation list we keep in Redis.
Rotating a compromised key used to mean a maintenance window. Now it is a documented playbook.
Flow
- Issue new key
K2whileK1remains valid (both invalid_keysset) - Notify integrators with 14-day migration deadline
- Metrics on
K1usage — alert if traffic remains after deadline - Revoke
K1: move torevoked_keyswith TTL = max JWT/session overlap - Gateway checks revoked set first (O(1) Redis lookup)
if (await _redis.SetContainsAsync("revoked_keys", keyHash))
return Results.Unauthorized();
if (!await _redis.SetContainsAsync("valid_keys", keyHash))
return Results.Unauthorized();
Audit
Every rotation logged with actor, reason, and affected client IDs. Required for SOC2 evidence.
security , api-keys , rotation · Redis , .NET