keystone/releasenotes/notes/support_encrypted_credentia...

15 lines
662 B
YAML

---
upgrade:
- Keystone now supports encrypted credentials at rest.
In order to upgrade successfully to Newton, deployers
must encrypt all credentials currently stored before
contracting the database. Deployers must run
`keystone-manage credential_setup` in order to use the
credential API within Newton, or finish the upgrade
from Mitaka to Newton. This will result in a service
outage for the credential API where credentials will
be read-only for the duration of the upgrade process.
Once the database is contracted credentials will be
writeable again. Database contraction phases only
apply to rolling upgrades.