Josh Carp created AIRFLOW-3383:
----------------------------------
Summary: Simplify fernet key rotation
Key: AIRFLOW-3383
URL: https://issues.apache.org/jira/browse/AIRFLOW-3383
Project: Apache Airflow
Issue Type: Improvement
Reporter: Josh Carp
As far as I can tell, it's not straightforward to rotate the fernet key for
encrypted passwords and extras. A user would have to generate a new key,
restart airflow, and manually re-enter each value to be encrypted via the web
interface. It should be possible to specify multiple fernet keys at once, and
to easily re-encrypt values with a new key. The cryptography package provides a
MultiFernet class with a rotate method that handles this use case, so I wrote
up a patch that uses MultiFernet to support multiple keys and rotation via the
command line.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
