Fengtian Xu
Reputation: 1
A signed GCS URL got 'SignatureDoesNotMatch'. the URL signed by a service with workload identity
In a workload identity enabled GKE cluster, a service signed a GCS file but got: 'SignatureDoesNotMatch' after about 10 days.
Does the system-managed private key rotation cause it?
What should I do to resolve it?
Upvotes: 0
Views: 63
Answers (1)
Leo
Reputation: 961
You could review your expiration days assigned at your URL, in the following example is set to 3 days (days signurl -d 3d) also if you are using the flag -u in your command to generate the URL you could try to remove it as a workaround
Upvotes: 0
Related Questions
- GCloud SignatureDoesNotMatch
- Why does GCS url signing requires Service Account Token Creator?
- Downloading files with a manually generated signed url errors with "SignatureDoesNotMatch"
- "The caller does not have permission" when signing GCP storage file URL from AWS lambda
- Error with signed writable URL: The request signature we calculated does not match the signature you provided
- Invalid value for field 'resource.sslCertificates[1]': ''. The URL is malformed
- GCS Generate_Signed_Url expires upon loading
- C# + Google Storage signed URL: The request signature we calculated does not match the signature you provided
- SignatureDoesNotMatch Ruby on Rails Google Storage Signed URL
- Signature does not match using Signed Url with GCS