[
https://issues.apache.org/jira/browse/AIRFLOW-3383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16747870#comment-16747870
]
ASF GitHub Bot commented on AIRFLOW-3383:
-----------------------------------------
ashb commented on pull request #4225: [AIRFLOW-3383] Rotate fernet keys.
URL: https://github.com/apache/airflow/pull/4225
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Simplify fernet key rotation
> ----------------------------
>
> Key: AIRFLOW-3383
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3383
> Project: Apache Airflow
> Issue Type: Improvement
> Reporter: Josh Carp
> Priority: Minor
>
> As far as I can tell, it's not straightforward to rotate the fernet key for
> encrypted passwords and extras. A user would have to generate a new key,
> restart airflow, and manually re-enter each value to be encrypted via the web
> interface. It should be possible to specify multiple fernet keys at once, and
> to easily re-encrypt values with a new key. The cryptography package provides
> a MultiFernet class with a rotate method that handles this use case, so I
> wrote up a patch that uses MultiFernet to support multiple keys and rotation
> via the command line.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
