Rails `signed_id` changes even though the signed_key_base does not

Yesterday we upgraded our EC2 servers to a new custom Ubuntu AMI. They are now running ruby 3.1.2 (up from 3.1.1) and connecting to a RDS Postgres 14.2 database (up from 13.2). We remained on the same Rails version (we follow main, currently on ref 55cee0).

A couple of hours later, we noticed that every link we had sent on emails and sms messages that included a model’s signed_id were broken. ActionText, which internally relies on MessageVerifier was also broken.

Checking one of the affected models, we noticed that the signed_id had changed. Same happened with ActionText global_signed_id. We double checked our credentials, and there were no changes in the secret key base.

I’ve read through the signing code, but I’m not familiar with security code, so I don’t know how what might have caused the change.

TL:DR: Is there a change on server software, gem version, ruby version, or anything else that can cause signed_id to change when the signed_key_base did not?