Problem when rotating the fernet keys

[yerrysherry]

$ airflow version
1.10.10

Database:
CentOS Linux release 7.6.1810 (Core),

Webserver - scheduler:
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
Release: 18.04
Codename: bionic

Problem: Can not access connection after doing a: airflow rotate_fernet_key

1. Create a new connection in the web interface
   Conn id: my_connection
   Conn Type: HTTP
   Password: my_connection

2. Check the database level

[local] postgres@airflow# select * from connection where conn_id='my_connection';
-[ RECORD 1 ]------+-----------------------------------------------------------------------------------------------------
id | 39
conn_id | my_connection
conn_type | http
host | (null)
schema | (null)
login | (null)
password | gAAAAABex9MvQLybzQxgGFmkzbiuLamA5Hy8lsVM3oB-MtHBHct-rkDrOkHNpOXfz53AdyiQnfLDTMDvS_e8_jebnd60kw3aNA==
port | (null)
extra |
is_encrypted | t
is_extra_encrypted | f

3. Rotate the fernet key. I did NOT change the airflow.cfg file!!!
   $ airflow rotate_fernet_key
   $ (no outpit)

4. Check the database level. The encrypted password is changed.

[local] postgres@airflow# select * from connection where conn_id='my_connection';
-[ RECORD 1 ]------+-----------------------------------------------------------------------------------------------------
id | 39
conn_id | my_connection
conn_type | http
host | (null)
schema | (null)
login | (null)
password | gAAAAABex9MvT44QG8BleLaqz8J60QSmP7n_VxHwTeqdewLC5ptPqabf0c5NpJ-G2zDusgOKY4Ahgun3LcXN4L5hIN3ocNf9YA==
port | (null)
extra |
is_encrypted | t
is_extra_encrypted | f

5. check the connection in the web interface.
   No problem. I can check and edit connections

6. Create a new Fernet key and change the airflow.cfg file

$ python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
DWL8rqNtdosZa78qFWImXZC4ac8FhfvdkGEebHd-LMc=

fernet_key = DWL8rqNtdosZa78qFWImXZC4ac8FhfvdkGEebHd-LMc=,doZ11rM4IyvbQTegQa4jHWuUWkCgCb9zYsPWzL2QLO0=

7. Rotate the fernet key.
   airflow@airflow-pr-1:/airflow$ airflow rotate_fernet_key
   airflow@airflow-pr-1:/airflow$ (no output)

8. When you check now in the web browser. Every entry who was encrypted gets an
   Ooops page

The only thing, I can do is restoring the database

Regards,
Gerrit

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template!

[eladkal]

is the issue still happens on Airflow 2?

[github-actions]

This issue has been automatically marked as stale because it has been open for 30 days with no response from the author. It will be closed in next 7 days if no further activity occurs from the issue author.

[github-actions]

This issue has been closed because it has not received response from the issue author.