0e7ab57241
Add documentation on how credential encryption work and a release note. bp credential-encryption Change-Id: Ib06c86a17e585f43bfa8aedf3d5e89d3163cc9da
15 lines
662 B
YAML
15 lines
662 B
YAML
---
|
|
upgrade:
|
|
- Keystone now supports encrypted credentials at rest.
|
|
In order to upgrade successfully to Newton, deployers
|
|
must encrypt all credentials currently stored before
|
|
contracting the database. Deployers must run
|
|
`keystone-manage credential_setup` in order to use the
|
|
credential API within Newton, or finish the upgrade
|
|
from Mitaka to Newton. This will result in a service
|
|
outage for the credential API where credentials will
|
|
be read-only for the duration of the upgrade process.
|
|
Once the database is contracted credentials will be
|
|
writeable again. Database contraction phases only
|
|
apply to rolling upgrades.
|