How does key rotation work for OpenStack Fernet keys?

2025-01-23 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article explains how key rotation works for OpenStack Fernet keys.

1. Introduction

OpenStack's Fernet keys are generated with the Fernet implementation in the Python cryptography library (https://cryptography.io/en/latest/fernet/):

    from cryptography.fernet import Fernet
    Fernet.generate_key()

A Fernet key looks like this:

RoFd7Kucd2RdzIoMcsc5j3nx7cHR0pWi-XVaiOel978=

2. Mode of work

The key with the largest number is the current signing key (primary key).

The key numbered 0 is the key that is about to become the signing key.

Keys with other numbers are old keys that used to be the primary key. Some tokens in the system may still be encrypted with these keys, depending on the token expiration time you set.

A newly generated key usually has the number 0.

3. How does rotation work?

For example, there are three keys: 0, 1, 2

0 becomes 3 and becomes the signing key (primary key)

1 is deleted

2 is still 2

A new key 0 is created

An explanation: before the rotation, all tokens were encrypted with key 2. After the rotation, all tokens are encrypted with key 3. When a token arrives, keystone tries to decrypt it with both 3 and 2, and one of them will always work. Do not rotate again at this point, otherwise key 2 will be deleted and there will be decryption errors.

This requires you to keep more keys, or to set the expiration time a little longer.

For example, rotate the keys once a week and set the token expiration time to 2 hours.
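The rotation steps and the double-rotation failure described above, as an added example (not code from the original article or from keystone). The key repository is modelled as a dict of number to key, and `rotate`, `max_active_keys` and the other names are this sketch's own assumptions.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def new_repo():
    """Constructed starting state: keys 0, 1, 2, where 2 is the primary key."""
    return {i: Fernet.generate_key() for i in range(3)}


def rotate(repo, max_active_keys=3):
    """One rotation: 0 is promoted, a new 0 is created, the oldest keys are dropped."""
    rotated = dict(repo)
    promoted = rotated.pop(0)
    rotated[max(rotated) + 1] = promoted          # 0 becomes the new primary key
    rotated[0] = Fernet.generate_key()            # fresh key waiting at 0
    while len(rotated) > max_active_keys:
        del rotated[min(i for i in rotated if i != 0)]  # delete the oldest old key
    return rotated


def crypto(repo):
    """MultiFernet encrypts with the first key and tries every key when decrypting."""
    return MultiFernet([Fernet(repo[i]) for i in sorted(repo, reverse=True)])


def can_decrypt(repo, token):
    try:
        crypto(repo).decrypt(token)
        return True
    except InvalidToken:
        return False


def demo():
    repo = new_repo()
    token = crypto(repo).encrypt(b"token issued while 2 is primary")
    once = rotate(repo)                      # keys 0, 2, 3: key 2 is still present
    twice = rotate(once)                     # keys 0, 3, 4: key 2 has been deleted
    roomy = rotate(once, max_active_keys=4)  # keeping more keys retains key 2
    return (sorted(once), can_decrypt(once, token),
            sorted(twice), can_decrypt(twice, token), can_decrypt(roomy, token))


if __name__ == "__main__":
    print(demo())
```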
