Josh Carp created AIRFLOW-3383: ---------------------------------- Summary: Simplify fernet key rotation Key: AIRFLOW-3383 URL: https://issues.apache.org/jira/browse/AIRFLOW-3383 Project: Apache Airflow Issue Type: Improvement Reporter: Josh Carp
As far as I can tell, it's not straightforward to rotate the fernet key for encrypted passwords and extras. A user would have to generate a new key, restart airflow, and manually re-enter each value to be encrypted via the web interface. It should be possible to specify multiple fernet keys at once, and to easily re-encrypt values with a new key. The cryptography package provides a MultiFernet class with a rotate method that handles this use case, so I wrote up a patch that uses MultiFernet to support multiple keys and rotation via the command line. -- This message was sent by Atlassian JIRA (v7.6.3#76005)