[
https://issues.apache.org/jira/browse/AIRFLOW-3383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16747871#comment-16747871
]
ASF subversion and git services commented on AIRFLOW-3383:
----------------------------------------------------------
Commit bd74ddaf3468c329a431543f60a15425fc11c26c in airflow's branch
refs/heads/master from Joshua Carp
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=bd74dda ]
[AIRFLOW-3383] Rotate fernet keys. (#4225)
Add the ability to change the encryption key of all encrypted variables and
connections
> Simplify fernet key rotation
> ----------------------------
>
> Key: AIRFLOW-3383
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3383
> Project: Apache Airflow
> Issue Type: Improvement
> Reporter: Josh Carp
> Priority: Minor
>
> As far as I can tell, it's not straightforward to rotate the fernet key for
> encrypted passwords and extras. A user would have to generate a new key,
> restart airflow, and manually re-enter each value to be encrypted via the web
> interface. It should be possible to specify multiple fernet keys at once, and
> to easily re-encrypt values with a new key. The cryptography package provides
> a MultiFernet class with a rotate method that handles this use case, so I
> wrote up a patch that uses MultiFernet to support multiple keys and rotation
> via the command line.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
