Description of problem:

Currently horizon SECRET_KEY is 10 characters long:

"""
https://github.com/openstack/tripleo-heat-templates/blob/master/overcloud.j2.yaml#L320
HorizonSecret:
  type: OS::TripleO::RandomString
  properties:
    length: 10
"""

but upstream documentation says that it should be 64:
https://docs.openstack.org/security-guide/dashboard/secret-key.html

"""
The dashboard depends on a shared SECRET_KEY setting for some security functions. The secret key should be a randomly generated string at least 64 characters long, which must be shared across all active dashboard instances. Compromise of this key may allow a remote attacker to execute arbitrary code. Rotating this key invalidates existing user sessions and caching. Do not commit this key to public repositories.
"""

Expected results:

Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0446
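The check the report implies, as an added example that is not part of the original report or of tripleo-heat-templates: a minimal scan of a Heat template for `OS::TripleO::RandomString` resources whose `length` is below the 64 characters the quoted security guide asks for. The sample template is constructed (the `resources:` parent key, `ExampleLongSecret` and `ExampleNetwork` are assumptions), and the scanner is a simple indentation-based reader, not a full YAML or Jinja parser.

```python
import re

MIN_LENGTH = 64  # minimum from the security-guide text quoted in the report

# Constructed sample: HorizonSecret as quoted in the report, placed under an
# assumed 'resources:' key, plus two hypothetical resources for contrast.
SAMPLE_TEMPLATE = """\
resources:
  HorizonSecret:
    type: OS::TripleO::RandomString
    properties:
      length: 10
  ExampleLongSecret:
    type: OS::TripleO::RandomString
    properties:
      length: 64
  ExampleNetwork:
    type: OS::Neutron::Net
"""

def find_short_random_strings(template_text, min_length=MIN_LENGTH):
    """Return {resource_name: length} for RandomString resources shorter than
    min_length. A resource with no explicit numeric length maps to None so it
    gets reviewed by hand rather than silently passing."""
    resources, current, in_resources = {}, None, False
    for line in template_text.splitlines():
        stripped = line.strip()
        # Skip blanks, YAML comments and Jinja directives/comments.
        if not stripped or stripped.startswith(("#", "{%", "{#")):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                      # new top-level section
            in_resources, current = stripped == "resources:", None
        elif in_resources and indent == 2:   # resource name
            m = re.match(r"\s+([A-Za-z0-9_]+):\s*$", line)
            current = m.group(1) if m else None
            if current:
                resources[current] = {}
        elif in_resources and current:       # first 'type' / 'length' wins
            m = re.match(r"\s+(type|length):\s*(\S+)", line)
            if m:
                resources[current].setdefault(m.group(1), m.group(2))
    short = {}
    for name, props in resources.items():
        if props.get("type") != "OS::TripleO::RandomString":
            continue
        raw = props.get("length", "")
        value = int(raw) if raw.isdigit() else None
        if value is None or value < min_length:
            short[name] = value
    return short

if __name__ == "__main__":
    for name, length in find_short_random_strings(SAMPLE_TEMPLATE).items():
        print(f"{name}: length={length}, expected >= {MIN_LENGTH}")
```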