openstack-manuals/doc/config-reference/source/tables/keystone-fernet_tokens.rst

Description of Fernet tokens configuration options

Configuration option = Default value	Description
[fernet_tokens]
key_repository = /etc/keystone/fernet-keys/	(String) Directory containing Fernet token keys.
max_active_keys = 3	(Integer) This controls how many keys are held in rotation by keystone-manage fernet_rotate before they are discarded. The default value of 3 means that keystone will maintain one staged key, one primary key, and one secondary key. Increasing this value means that additional secondary keys will be kept in the rotation.