The Google Cloud signed URL documentation says:
"Anyone who knows the URL can access the resource until the expiration time for the URL is reached or the key used to sign the URL is rotated." How can I tell which key was used to sign a URL, and when it will be rotated? If I am using a service account to create the signed URL, is the service account’s key the key used to sign the URL?
Also, if I create a signed URL for file A, and then several minutes later create a second signed URL for file A, are both signed URLs valid? Or does the first signed URL become invalidated after the second is created?
>Solution :
How can I tell which key was used to sign a URL, and when it will be
rotated?
The identity used to sign the URL is included in the Signed URL parameter key X-Goog-Credential.
If I am using a service account to create the signed URL, is the
service account’s key the key used to sign the URL?
Yes, the service account’s RSA private key is used.
Also, if I create a signed URL for file A, and then several minutes
later create a second signed URL for file A, are both signed URLs
valid? Or does the first signed URL become invalidated after the
second is created?
Both Signed URLs are valid. Creating a new Signed URL does not invalidate a previous one.