I guys,
I have to create/update a lot of amp-page for different domains. So I'd like to know if I can use the same RSA-Key for all my domains or if I need to create one for each domain.
thx.
I guys,
I have to create/update a lot of amp-page for different domains. So I'd like to know if I can use the same RSA-Key for all my domains or if I need to create one for each domain.
thx.
Copyright © 2021 Jogjafile Inc.
It is possible to re-use the RSA keys across domains. As long as the private key used to sign the request matches the key published at
.well-known/amphtml/apikey.pub
, the request will work.The keypairs can be replaced in the future. After generating a new one, replace the public key at
.well-known/amphtml/apikey.pub
and sign requests with the new private key.As a matter of best practice, it may be worth considering using different keys. Consider if the set of people who have access to the private key is the same for all domains. Also that, when using the same key, if one is compromised, it will give access to all domains.