Rotation Keystone Fernet Keys from the Overcloud

Like most passwords in your overcloud deployment, keystone fernet keys are also stored as part of the deployment plan in mistral. The overcloud deplotment’s fernet keys can be rotated with the following command:

openstack workflow execution create \
    tripleo.fernet_keys.v1.rotate_fernet_keys \
    '{"container": "overcloud"}'

Where the value for “container” is the name of the plan (which defaults to “overcloud”).

After waiting some time you can verify the output by taking the execution ID from that was the output of the previous command, and issuing the following command:

openstack workflow execution output show EXECUTION_UUID

Please note that there must be an overcloud deployment ready and accessible in order to execute this action.