22 lines
939 B
YAML
22 lines
939 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
Fixes an issue with the barbican service when using the ``simple_crypto``
|
|
plugin whereby an invalid value is generated and used as the plugin's
|
|
encryption key.
|
|
|
|
The encryption key is configured via the ``[simple_crypto_plugin]: kek``
|
|
configuration option in ``barbican.conf``. This option was previously
|
|
configured using the kolla-ansible variable ``barbican_crypto_password``,
|
|
but is now configured using ``barbican_crypto_key`` which uses the correct
|
|
format.
|
|
|
|
Operators that have set ``barbican_crypto_password`` to a valid value
|
|
to work around this issue should ensure that ``barbican_crypto_key``
|
|
is configured in ``passwords.yml`` with the same value that was used for
|
|
``barbican_crypto_password``. This will ensure that existing barbican
|
|
secrets can be decrypted.
|
|
|
|
The variable ``barbican_crypto_password`` may safely be removed from
|
|
``passwords.yml``.
|