Ability to rotate gossip encryption key

[petemounce]

In 0.4.1 I can supply an encryption key - that's great. However, in the event of a breach (and actually, on a regular schedule), I want to be able to rotate my key in a way that doesn't necessarily hose my consul deployment if it goes wrong or doesn't propagate, or whatever.

I could probably do this now by something like

consul exec <every node> <touch config file with key in it to supply new key>
consul exec <every node> consul reload

but this strikes me as ... pretty risky. It seems to me that if something fails, then I'll be left with nodes that I'll have to manually touch to fix up.

I'd like to avoid the possibility of manual work, since if it arises, I won't be able to use consul exec to do it, it'll be node by node.

[wuub]

#336 :) wait for 0.5

[ryanuber]

@petemounce this is already in master! 0.5rc1 was just tagged yesterday and includes this feature. Thanks!

[petemounce]

Brilliant :-)

Sent from my phone. Please excuse typos and brevity, but never text speak.
On 23 Jan 2015 17:52, "Ryan Uber" [email protected] wrote:

@petemounce https://github.com/petemounce this is already in master!
0.5rc1 was just tagged yesterday and includes this feature. Thanks!

—
Reply to this email directly or view it on GitHub
#630 (comment).