Awx: Change secret_key and re-encrypt credentials
ISSUE TYPE
- Feature Idea
SUMMARY
Currently it seems not possible to change the awx secret_key (from installer/inventory) to be able to change the credential encryption key - or is it possible?
Will this be supported in the future?
LucaBernstein
All 4 comments
Hey @LucaBernstein,
It's possible to _change_ the key, but AWX doesn't currently have any tooling to decrypt and re-encrypt your secrets for you. It's possible we might add functionality to support something like this in the future.
ryanpetrello
on 23 Oct 2019
Hey @LucaBernstein I've opened a PR to add a new command for generating a new SECRET_KEY (if you're interested in trying it out):
https://github.com/ansible/awx/pull/5493
The intended usage here is to:
- Stop all running services.
- _Run_ the new command
awx-manage regenerate_secret_keyfrom one database-connected node. The new key is printed, and can be replaced in your inventory. - Start all services again.
ryanpetrello
on 12 Dec 2019
@elyezer is out on PTO for a while, but 90% sure this is ready to close
kdelee
on 2 Jan 2020
Going to close as I reviewed his work and indeed while we can do some more work on running his automation on a regular basis and reporting it somewhere, we can test on demand and its working.
kdelee
on 3 Jan 2020
Related issues
mwiora
路
3Comments
darkaxl
路
3Comments
shortsteps
路
3Comments
beenje
路
3Comments
grahamn-gr
路
3Comments
Most helpful comment
Hey @LucaBernstein,
It's possible to _change_ the key, but AWX doesn't currently have any tooling to decrypt and re-encrypt your secrets for you. It's possible we might add functionality to support something like this in the future.