releasenotes/notes/fix-vault-create-key-b4340a3067cbd93c.yaml - python-castellan (bfae17a)

Tree @bfae17a (Download .tar.gz)

..
add-vault-provider-29a4c19fe67ab51f.yaml
deprecate-auth-endpoint-b91a3e67b5c7263f.yaml
fix-vault-create-key-b4340a3067cbd93c.yaml
support-legacy-fixed-key-id-9fa897b547111610.yaml
vault-approle-support-5ea04daea07a152f.yaml
vault-kv-mountpoint-919eb547764a0c74.yaml

fix-vault-create-key-b4340a3067cbd93c.yaml @bfae17a — raw · history · blame

---
fixes:
  - |
    Fixed VaultKeyManager.create_key() to consider the `length` param as bits
    instead of bytes for the key length. This was causing a discrepancy between
    keys generated by the HashiCorp Vault backend and the OpenStack Barbican
    backend. Considering `km` as an instance of a key manager, the following
    code `km.create_key(ctx, "AES", 256)` was generating a 256 bit AES key when
    Barbican is configured as the backend, but generating a 2048 bit AES key
    when Vault was configured as the backend.