fuel-ccp-keystone

History

Dmitry Klenov f6a75158c2 Fernet keys rotation action Mechanism to rotate fernet keys is added. CCP operator can use one of two ways to rotate keys: 1. Manual rotation. Pre-generate keys manually and distribute them to keystone pod(s). To do it, operator needs to put generated keys to the ccp config file in the following format: configs: keystone: fernet_keys: "0": <key-0> "2": <key-2> "3": <key-3> Then, execute custom action 'fernet-rotate'. The keys will be placed to the k8s secret. 2. Automatic rotation. Do not put keys to config, just execute 'fernet-rotate'. Keys will be automatically rotated and put to proper secret. Partial-Bug: #1651392 Partial-Bug: #1651394 Change-Id: I577b3f36a12d14b4b5d546d9633d4629eb5d8a37	2017-02-10 13:10:46 +00:00
..
keystone	Fernet keys rotation action	2017-02-10 13:10:46 +00:00

Dmitry Klenov f6a75158c2 Fernet keys rotation action

Mechanism to rotate fernet keys is added. CCP operator can use one
of two ways to rotate keys:

1. Manual rotation.
Pre-generate keys manually and distribute them to keystone pod(s).
To do it, operator needs to put generated keys to the ccp config file
in the following format:

configs:
    keystone:
        fernet_keys:
            "0": <key-0>
            "2": <key-2>
            "3": <key-3>

Then, execute custom action 'fernet-rotate'. The keys will be placed
to the k8s secret.

2. Automatic rotation.
Do not put keys to config, just execute 'fernet-rotate'. Keys will be
automatically rotated and put to proper secret.

Partial-Bug: #1651392
Partial-Bug: #1651394
Change-Id: I577b3f36a12d14b4b5d546d9633d4629eb5d8a37

2017-02-10 13:10:46 +00:00

keystone

Fernet keys rotation action

2017-02-10 13:10:46 +00:00