Is there any way to change the awx_secret_key once deployed??

Cesar_Sanchez2 · September 26, 2017, 5:27pm

Hi again :)…

Another issue…

When trying to update to tip, my setup was totally broken, because I think, I was using the default awx_secret_key, given that it was ignored by the time I built my containers.

Is there any way of having the awx_secret_key updated on a running setup?

I missed the patch that honored the {{ awx_secret_key }} variable and fell back to the default one once deployed, and I’ve already setup some objects.

When I try to re-deploy the containers with the new secret key, it seems to break everything, unless I ditch my databases and I start from scratch.

Is there any way of having the DBs backed up and migrated to my new instance using my new awx_secret_key?

Thanks,

-Cesar

AlanCoding · September 26, 2017, 5:37pm

I think the short answer here is going to be “no”.

You need the secret key in order to decrypt any encrypted DB content. That means that in order to change the key, you’ll need to re-encrypt all that data. To my knowledge, we don’t have any solution currently available for this. If you want to get an idea of what level of effort is involved in re-encryption, you might look at the “_reencrypt.py” file in the migrations folder (this solved a different but similar problem).

Alan

Topic		Replies	Views
New Deployment on Kubernetes (Error regarding secret_key) AWX Project awx , kubernetes	0	0	May 17, 2022
SECRET_KEY Recovery Options AWX Project awx	1	1	June 7, 2023
If the password and SSH key are crypted? AWX Project	4	2	January 27, 2021
Protecting the AWX SECRET_KEY Get Help awx , aap	1	51	August 22, 2024
Migrating and upgrading from AWX 17.1.0 to AWX 19.x with Operator approach AWX Project awx , kubernetes	10	15	August 1, 2023

Is there any way to change the awx_secret_key once deployed??

Related topics