Bug 1599194 - Need to change parameter SECRET_KEY from 21 to 64 characters
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: low
Target Milestone: beta
Target Release: 14.0 (Rocky)
Assignee: Emilien Macchi
QA Contact: Udi Kalifon
Reported: 2018-07-09 07:38 UTC by Eduard Barrera
Modified: 2019-01-11 11:50 UTC

Fixed In Version: openstack-tripleo-heat-templates-9.0.1-0.20181013060872.el7ost
Doc Type: Enhancement
Doc Text:
Feature: The length of the automatically generated SECRET_KEY has been increased to 64 characters.
Reason: Recommendation at https://docs.openstack.org/security-guide/dashboard/secret-key.html
Result: Change of SECRET_KEY will invalidate all active user sessions.
Last Closed: 2019-01-11 11:50:23 UTC
Links
System                  ID              Private  Priority  Status  Summary  Last Updated
OpenStack gerrit        581274          0        None      None    None     2018-07-10 11:18:52 UTC
Red Hat Product Errata  RHEA-2019:0045  0        None      None    None     2019-01-11 11:50:37 UTC

Description Eduard Barrera 2018-07-09 07:38:17 UTC
Description of problem:

For audit compliance it is needed to change the SECRET_KEY parameter in /etc/openstack-dashboard/local_settings from 21 to 64 characters.


Version-Release number of selected component (if applicable):
OSP 8

AFAIK the secret must be changed in /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py

It is also required to know the implications and the impact this change may have on a production system.

Comment 1 Radomir Dopieralski 2018-07-09 08:56:28 UTC
/etc/openstack-dashboard/local_settings and /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py are the same file (one is a symlink to the other).

Change of SECRET_KEY will invalidate all active user sessions and will require the users to re-login into Horizon.

Is there anything else you need?

Comment 2 Radomir Dopieralski 2018-07-09 14:53:44 UTC
The SECRET_KEY setting can be overridden in Director as the HorizonSecret parameter.
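
An added example, not part of the comments above and not Red Hat or TripleO code: a check that reads the Horizon settings text for a SECRET_KEY shorter than the 64 characters requested here, and renders a replacement as a HorizonSecret override. It assumes SECRET_KEY is assigned a plain string literal in local_settings and that the override is passed to Director in a Heat environment file; the function names and the sample input are constructed for illustration.

```python
import ast
import secrets
import string

REQUIRED_LEN = 64  # length requested in this bug
# Assumption: an alphanumeric alphabet, so the value needs no escaping in YAML or Python.
ALPHABET = string.ascii_letters + string.digits


def secret_key_length(settings_source):
    """Return len(SECRET_KEY) for a top-level string-literal assignment, else None.

    The text is parsed with ast and never imported, so no settings code runs.
    The last top-level assignment wins, as it would when the module is loaded.
    """
    length = None
    for node in ast.parse(settings_source).body:
        if not isinstance(node, ast.Assign):
            continue
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if "SECRET_KEY" in names:
            value = node.value
            is_str = isinstance(value, ast.Constant) and isinstance(value.value, str)
            length = len(value.value) if is_str else None
    return length


def audit(settings_source):
    """Classify the settings text as PASS, FAIL or UNKNOWN for the length check."""
    length = secret_key_length(settings_source)
    if length is None:
        return "UNKNOWN: SECRET_KEY is not a top-level string literal"
    if length < REQUIRED_LEN:
        return "FAIL: SECRET_KEY is %d characters, need %d" % (length, REQUIRED_LEN)
    return "PASS: SECRET_KEY is %d characters" % length


def new_secret(length=REQUIRED_LEN):
    """Generate a key from the OS CSPRNG rather than the random module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def horizon_secret_env(secret):
    """Render a Heat environment fragment that sets the HorizonSecret parameter."""
    return "parameter_defaults:\n  HorizonSecret: '%s'\n" % secret


# Constructed sample input: a 21-character key like the one the report describes.
SAMPLE_SETTINGS = "DEBUG = False\nSECRET_KEY = 'abcdefghijklmnopqrstu'\n"

if __name__ == "__main__":
    print(audit(SAMPLE_SETTINGS))
    print(horizon_secret_env(new_secret()))
```

Deploying a new value logs out every active Horizon session, as Comment 1 states, so the change belongs in a maintenance window.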

Comment 7 Udi Kalifon 2018-11-19 08:16:39 UTC
Verified in: openstack-tripleo-heat-templates-9.0.1-0.20181013060879.el7ost.noarch

Comment 9 errata-xmlrpc 2019-01-11 11:50:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:0045