There should be a way to rotate fernet keys
Bug #1651394 reported by Boris Bobrov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
fuel-ccp | Fix Committed | High | Dmitry Klenov |
Bug Description
Today a single Fernet key is generated for a deployment. Since the encrypted information is publicly accessible, the keys need to be rotated once in a while. Containers are considered immutable and we cannot rotate the keys the way we would do it in a usual Unix environment. Some other way to rotate the keys needs to be implemented.
For example, Kubernetes secrets are intended to hold sensitive information and could be used for that.
Changed in fuel-ccp:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Fuel CCP Bug Team (fuel-ccp-bugs)
Changed in fuel-ccp:
assignee: Fuel CCP Bug Team (fuel-ccp-bugs) → Dmitry Klenov (dklenov)
Changed in fuel-ccp:
status: In Progress → Fix Committed
For a secure Fernet key rotation consider using HashiCorp Vault. https://www.hashicorp.com/blog/using-hashicorp-vault-with-chef.html
Use cases for configuration management tools are described here:
https:/