You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Ash Berlin-Taylor (JIRA)" <ji...@apache.org> on 2019/01/21 11:13:00 UTC

[jira] [Resolved] (AIRFLOW-3383) Simplify fernet key rotation

     [ https://issues.apache.org/jira/browse/AIRFLOW-3383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ash Berlin-Taylor resolved AIRFLOW-3383.
----------------------------------------
       Resolution: Fixed
    Fix Version/s: 2.0.0

> Simplify fernet key rotation
> ----------------------------
>
>                 Key: AIRFLOW-3383
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3383
>             Project: Apache Airflow
>          Issue Type: Improvement
>            Reporter: Josh Carp
>            Priority: Minor
>             Fix For: 2.0.0
>
>
> As far as I can tell, it's not straightforward to rotate the fernet key for encrypted passwords and extras. A user would have to generate a new key, restart airflow, and manually re-enter each value to be encrypted via the web interface. It should be possible to specify multiple fernet keys at once, and to easily re-encrypt values with a new key. The cryptography package provides a MultiFernet class with a rotate method that handles this use case, so I wrote up a patch that uses MultiFernet to support multiple keys and rotation via the command line.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)