Is there any way to change the awx_secret_key once deployed??

Hi again :)…

Another issue…

When trying to update to tip, my setup was totally broken, because I think, I was using the default awx_secret_key, given that it was ignored by the time I built my containers.

Is there any way of having the awx_secret_key updated on a running setup?

I missed the patch that honored the {{ awx_secret_key }} variable and fell back to the default one once deployed, and I’ve already setup some objects.

When I try to re-deploy the containers with the new secret key, it seems to break everything, unless I ditch my databases and I start from scratch.

Is there any way of having the DBs backed up and migrated to my new instance using my new awx_secret_key?

Thanks,

-Cesar

I think the short answer here is going to be “no”.

You need the secret key in order to decrypt any encrypted DB content. That means that in order to change the key, you’ll need to re-encrypt all that data. To my knowledge, we don’t have any solution currently available for this. If you want to get an idea of what level of effort is involved in re-encryption, you might look at the “_reencrypt.py” file in the migrations folder (this solved a different but similar problem).

Alan