You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/01/21 11:13:00 UTC

[jira] [Commented] (AIRFLOW-3383) Simplify fernet key rotation

    [ https://issues.apache.org/jira/browse/AIRFLOW-3383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16747871#comment-16747871 ] 

ASF subversion and git services commented on AIRFLOW-3383:
----------------------------------------------------------

Commit bd74ddaf3468c329a431543f60a15425fc11c26c in airflow's branch refs/heads/master from Joshua Carp
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=bd74dda ]

[AIRFLOW-3383] Rotate fernet keys. (#4225)

Add the ability to change the encryption key of all encrypted variables and
connections

> Simplify fernet key rotation
> ----------------------------
>
>                 Key: AIRFLOW-3383
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3383
>             Project: Apache Airflow
>          Issue Type: Improvement
>            Reporter: Josh Carp
>            Priority: Minor
>
> As far as I can tell, it's not straightforward to rotate the fernet key for encrypted passwords and extras. A user would have to generate a new key, restart airflow, and manually re-enter each value to be encrypted via the web interface. It should be possible to specify multiple fernet keys at once, and to easily re-encrypt values with a new key. The cryptography package provides a MultiFernet class with a rotate method that handles this use case, so I wrote up a patch that uses MultiFernet to support multiple keys and rotation via the command line.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)