Stein Series Release Notes


Bug Fixes

  • Add a new parameter, verify_ssl_path, that can be used to configure the path to CA certs when verifying requests to Barbican.


Bug Fixes

  • Fixed VaultKeyManager.create_key() to consider the length param as bits instead of bytes for the key length. This was causing a discrepancy between keys generated by the HashiCorp Vault backend and the OpenStack Barbican backend. Considering km as an instance of a key manager, the following code km.create_key(ctx, “AES”, 256) was generating a 256 bit AES key when Barbican is configured as the backend, but generating a 2048 bit AES key when Vault was configured as the backend.


New Features

  • Added configuration option to the Vault key manager to allow the KV store mountpoint in Vault to be specified; the existing default of ‘secret’ is maintained.