square / keysync

Keysync periodically downloads secrets from Keywhiz
Apache License 2.0

Improve secret syncing in Keysync #12

Closed jbpeirce closed 7 years ago

jbpeirce commented 7 years ago

Secret syncing in Keysync should track the status of secrets in more detail and avoid re-fetching secrets which have not changed since the last sync.

stfinney commented 7 years ago

How are we imagining this working? Keywhiz server has to track when each client last updated each secret? Or the client keeps that info, and for each secret it requests a sync for, it sends the time it last updated, and then Keywhiz checks that against update times for each? Could also use content hashes, I suppose. Then you don't have to worry about clock errors.

mcpherrinm commented 7 years ago

We put content hashes in the secrets listing to facilitate this in https://github.com/square/keywhiz/pull/310

mcpherrinm commented 7 years ago

fixed in #16
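
The content-hash approach discussed in this thread, sketched as an added Go example that is not Keysync's or Keywhiz's own code. The `ListingEntry` type, its field names, and the hash values are hypothetical, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// ListingEntry is a hypothetical listing row: a secret name plus a hash of its content.
type ListingEntry struct {
	Name        string
	ContentHash string
}

// SyncPlan says what a client should do after comparing a listing with local state.
type SyncPlan struct {
	Fetch  []string // new or changed: download content
	Keep   []string // hash matches: skip the download
	Remove []string // no longer listed: delete the local copy
}

// PlanSync compares the server listing with hashes recorded at the last sync.
// An entry with an empty hash is always fetched, so a listing without hashes
// degrades to a full sync instead of being treated as "unchanged".
func PlanSync(listing []ListingEntry, local map[string]string) SyncPlan {
	var plan SyncPlan
	seen := make(map[string]bool, len(listing))
	for _, e := range listing {
		seen[e.Name] = true
		if prev, ok := local[e.Name]; ok && e.ContentHash != "" && prev == e.ContentHash {
			plan.Keep = append(plan.Keep, e.Name)
		} else {
			plan.Fetch = append(plan.Fetch, e.Name)
		}
	}
	for name := range local {
		if !seen[name] {
			plan.Remove = append(plan.Remove, name)
		}
	}
	sort.Strings(plan.Fetch)
	sort.Strings(plan.Keep)
	sort.Strings(plan.Remove)
	return plan
}

func main() {
	// Constructed sample data, not real Keywhiz output.
	local := map[string]string{"db-password": "aa11", "tls-key": "bb22", "old-token": "cc33"}
	listing := []ListingEntry{{"db-password", "aa11"}, {"tls-key", "dd44"}, {"api-key", "ee55"}}
	fmt.Printf("%+v\n", PlanSync(listing, local))
}
```

Because the decision depends only on hashes, client and server clocks never enter the comparison.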