You should remove the old data (project kek) in the kek_data table (barbican), and your project kek will be issued with your new master kek.

On Fri, Oct 29, 2021 at 4:04 PM, Ammad Syed <syedammad83@gmail.com> wrote:
Hi,

I have installed barbican and am using it with openstack magnum. When I use the default kek described in the document below, it works fine and magnum cluster creation succeeds.

https://docs.openstack.org/barbican/latest/install/barbican-backend.html

But when I generate a new kek with the command below

python3 -c "from cryptography.fernet import Fernet ; key = Fernet.generate_key(); print(key)"

and put it in barbican.conf, the magnum cluster fails to create and I see the logs below in barbican.

2021-10-29 12:53:28.932 568554 INFO barbican.plugin.crypto.simple_crypto [req-aaac01e9-82af-421b-b85a-ff998d904972 ad702ac807f44c73a32a9b7a795b693c d782069f335041138f0cb141fde9933f - default default] Software Only Crypto initialized
2021-10-29 12:53:28.932 568554 DEBUG barbican.model.repositories [req-aaac01e9-82af-421b-b85a-ff998d904972 ad702ac807f44c73a32a9b7a795b693c d782069f335041138f0cb141fde9933f - default default] Getting session... get_session /usr/lib/python3/dist-packages/barbican/model/repositories.py:364
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers [req-aaac01e9-82af-421b-b85a-ff998d904972 ad702ac807f44c73a32a9b7a795b693c d782069f335041138f0cb141fde9933f - default default] Secret creation failure seen - please contact site administrator.: cryptography.fernet.InvalidToken
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers Traceback (most recent call last):
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/cryptography/fernet.py", line 113, in _verify_signature
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     h.verify(data[-32:])
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/hmac.py", line 70, in verify
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     ctx.verify(signature)
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/hmac.py", line 76, in verify
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     raise InvalidSignature("Signature did not match digest.")
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers cryptography.exceptions.InvalidSignature: Signature did not match digest.
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers During handling of the above exception, another exception occurred:
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers Traceback (most recent call last):
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/api/controllers/__init__.py", line 102, in handler
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     return fn(inst, *args, **kwargs)
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/api/controllers/__init__.py", line 88, in enforcer
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     return fn(inst, *args, **kwargs)
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/api/controllers/__init__.py", line 150, in content_types_enforcer
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     return fn(inst, *args, **kwargs)
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/api/controllers/secrets.py", line 456, in on_post
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     new_secret, transport_key_model = plugin.store_secret(
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/plugin/resources.py", line 108, in store_secret
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     secret_metadata = _store_secret_using_plugin(store_plugin, secret_dto,
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/plugin/resources.py", line 279, in _store_secret_using_plugin
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     secret_metadata = store_plugin.store_secret(secret_dto, context)
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/plugin/store_crypto.py", line 96, in store_secret
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     response_dto = encrypting_plugin.encrypt(
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/plugin/crypto/simple_crypto.py", line 76, in encrypt
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     kek = self._get_kek(kek_meta_dto)
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/barbican/plugin/crypto/simple_crypto.py", line 73, in _get_kek
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     return encryptor.decrypt(kek_meta_dto.plugin_meta)
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/cryptography/fernet.py", line 76, in decrypt
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     return self._decrypt_data(data, timestamp, ttl, int(time.time()))
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/cryptography/fernet.py", line 125, in _decrypt_data
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     self._verify_signature(data)
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers   File "/usr/lib/python3/dist-packages/cryptography/fernet.py", line 115, in _verify_signature
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers     raise InvalidToken
2021-10-29 12:53:28.991 568554 ERROR barbican.api.controllers cryptography.fernet.InvalidToken

Any advice on how to fix it?

- Ammad
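
Added example, not part of the original thread and not Barbican's own code: a small model of the failure in the traceback, where a project kek wrapped under the old master kek cannot be opened by `encryptor.decrypt(plugin_meta)` once the master kek changes. It goes one step beyond the reply by also re-wrapping the row with the `cryptography` library's `MultiFernet.rotate` while the old master kek is still known. The dict standing in for the kek_data table and all function names are hypothetical.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def wrap_project_kek(master_kek: bytes, project_kek: bytes) -> bytes:
    """Encrypt a project kek under the master kek (models kek_data.plugin_meta)."""
    return Fernet(master_kek).encrypt(project_kek)


def unwrap_project_kek(master_kek: bytes, plugin_meta: bytes) -> bytes:
    """Same operation as the failing call in the traceback."""
    return Fernet(master_kek).decrypt(plugin_meta)


def stale_rows(master_kek: bytes, kek_data: dict) -> list:
    """Return project ids whose wrapped kek cannot be opened with master_kek."""
    stale = []
    for project_id, plugin_meta in kek_data.items():
        try:
            unwrap_project_kek(master_kek, plugin_meta)
        except InvalidToken:
            # HMAC check failed: the row was wrapped under a different master kek
            stale.append(project_id)
    return sorted(stale)


def rewrap_rows(old_master: bytes, new_master: bytes, kek_data: dict) -> dict:
    """Re-encrypt every row under new_master while old_master is still known."""
    # rotate() decrypts with any listed key and re-encrypts with the first one
    rotator = MultiFernet([Fernet(new_master), Fernet(old_master)])
    return {pid: rotator.rotate(meta) for pid, meta in kek_data.items()}


def demo() -> dict:
    old_master = Fernet.generate_key()
    new_master = Fernet.generate_key()
    project_kek = Fernet.generate_key()
    # Constructed stand-in for the kek_data table: project id -> plugin_meta
    kek_data = {"project-a": wrap_project_kek(old_master, project_kek)}
    before = stale_rows(new_master, kek_data)
    rewrapped = rewrap_rows(old_master, new_master, kek_data)
    after = stale_rows(new_master, rewrapped)
    recovered = unwrap_project_kek(new_master, rewrapped["project-a"]) == project_kek
    return {"before": before, "after": after, "recovered": recovered}


if __name__ == "__main__":
    print(demo())
```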