17 lines
652 B
YAML
17 lines
652 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The Keystone fernet key rotation scheduling algorithm has been modified to
|
|
avoid issues with over-rotation of keys.
|
|
|
|
The variables ``fernet_token_expiry``,
|
|
``fernet_token_allow_expired_window`` and ``fernet_key_rotation_interval``
|
|
may be set to configure the token expiry and key rotation schedule.
|
|
|
|
By default, ``fernet_token_expiry`` is 86400,
|
|
``fernet_token_allow_expired_window`` is 172800, and
|
|
``fernet_key_rotation_interval`` is the sum of these two variables. This
|
|
allows for the minimum number of active keys - 3.
|
|
|
|
See `bug 1809469 <https://launchpad.net/bugs/1809469>`__ for details.
|