Newer
Older
---
upgrade:
- |
Fixes an issue with the barbican service when using the ``simple_crypto``
plugin whereby an invalid value is generated and used as the plugin's
encryption key.
The encryption key is configured via the ``[simple_crypto_plugin]: kek``
configuration option in ``barbican.conf``. This option was previously
configured using the kolla-ansible variable ``barbican_crypto_password``,
but is now configured using ``barbican_crypto_key`` which uses the correct
format.
Operators that have set ``barbican_crypto_password`` to a valid value
to work around this issue should ensure that ``barbican_crypto_key``
is configured in ``passwords.yml`` with the same value that was used for
``barbican_crypto_password``. This will ensure that existing barbican
secrets can be decrypted.
The variable ``barbican_crypto_password`` may safely be removed from
``passwords.yml``.