keystone/releasenotes/notes/bug-1728907-bab6769ab46bd8a...

11 lines
509 B
YAML

---
fixes:
- |
[`bug 1728907 <https://bugs.launchpad.net/keystone/+bug/1728907>`_]
In some rare cases, an empty key file can get created within the fernet
key repository. When keystone tries to load the keys from disk, it will
fail with an invalid fernet key ValueError. Keystone now handles empty
key files when loading and rotating keys. If an empty file exists, it
will be ignored when loaded, reported as a warning in the log, and
overwritten with a valid key upon rotation.