8513563c39
When setting up fernet keys, the file resource will replace the contents of the keys (if they exist already) by default. This is not necessarily what all deployments want, since some might do the key-rotation out of band. So this makes the replacing of these keys configurable, so it won't affect already existing deployments if the keys were already set, rotation happened at some point and one runs puppet again. Change-Id: I8a56d1154dae1c7c53e3b9a997505156859b2826
7 lines
311 B
YAML
7 lines
311 B
YAML
---
|
|
features:
|
|
- The parameter 'fernet_replace_keys' was added; this tells the manifest to
|
|
not replace the fernet keys if they have been added already. This is useful
|
|
in cases where rotation happens outside of puppet, and running puppet again
|
|
would replace the keys and result in an invalid setup.
|