[openstack-dev] [keystone] [tripleo] [deployment] Keystone Fernet keys rotations spec

Emilien Macchi emilien at redhat.com
Tue Mar 14 17:27:36 UTC 2017


I found useful to share a spec that I started to write this morning:

The goal is to do Keystone Fernet keys rotations in a way that scales
and is secure, by using the standard tools and not re-inventing the
In other words: if you're working on Keystone or TripleO or any other
deployment tool: please read the spec and give any feedback.

We would like to find a solution that would work for all OpenStack
deployment tools (Kolla, OSA, Fuel, TripleO, Helm, etc) but I sent the
specs to tripleo project
to get some feedback.

If you already has THE solution that you think is the best one, then
we would be very happy to learn from it in a comment directly in the

Thanks for your time,
Emilien Macchi

More information about the OpenStack-dev mailing list