350e1a81dd
With the addition of the KeystoneFernetKeys parameter, it's now possible to do fernet key rotations using mistral, by modifying the KeystoneFernetKeys variable in mistral; subsequently a rotation could happen when doing a stack update. So this re-enables the managing of the key files by puppet. However, this is left configurable, as folks might want to manage those files out-of-band. bp keystone-fernet-rotation Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
7 lines
256 B
YAML
7 lines
256 B
YAML
---
|
|
features:
|
|
- This introduces the ManageKeystoneFernetKeys parameter, which tells
|
|
heat/puppet if it should replace the existing fernet keys on a stack
|
|
deployment or not. This is useful if the deployer wants to do key rotations
|
|
out of band.
|