Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #3337 from jtschladen/encryption_keys-doc 

Add more wording around LEMUR_ENCRYPTION_KEYS in docs
This commit is contained in:
Hossein Shafagh 2021-01-04 19:51:49 -08:00 committed by GitHub
parent 1aa0e3dad6 843249a84e
commit 97ce836df9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/administration.rst
View File

@ -151,6 +151,15 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
to start. Multiple keys can be provided to facilitate key rotation. The first key in the list is used for to start. Multiple keys can be provided to facilitate key rotation. The first key in the list is used for
encryption and all keys are tried for decryption until one works. Each key must be 32 URL safe base-64 encoded bytes. encryption and all keys are tried for decryption until one works. Each key must be 32 URL safe base-64 encoded bytes.
Only fields of type ``Vault`` will be encrypted. At present, only the following fields are encrypted:
* ``certificates.private_key``
* ``pending_certificates.private_key``
* ``dns_providers.credentials``
* ``roles.password``
For implementation details, see ``Vault`` in ``utils.py``.
Running lemur create_config will securely generate a key for your configuration file. Running lemur create_config will securely generate a key for your configuration file.
If you would like to generate your own, we recommend the following method: If you would like to generate your own, we recommend the following method: