Create Crypto Kek for Barbican

Solution Unverified - Updated -

Issue

For Barbican deployment with SimpleCrypto plugin, it need a Kek (key encryption key). This kek is supposed at fernet format. If the format is not correct, those error message are coming :

openstack secret store --name monsecret --payload ĺudmila
5xx Server error: Internal Server Error: Secret creation failure seen - please contact site administrator.
Internal Server Error: Secret creation failure seen - please contact site administrator.

In /var/log/containers/barbican/main.log we have :

ERROR barbican.api.controllers ValueError: Fernet key must be 32 url-safe base64-encoded bytes.

Environment

Red Hat OpenStack 16.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content