Fernet tokens require symmetric encryption keys which can be established using <code>keystone-manage fernet_setup</code> and periodically rotated using <code>keystone-manage fernet_rotate</code>. These keys must be shared by all Keystone nodes in a multi-node (or multi-region) deployment, such that tokens generated by one node can be immediately validated against another.
Fernet tokens需要symmetric encryption keys,这些keys可以使用keystone-manage fernet_setup建立, 并且使用keystone-manage fernet_rotate周期性地轮换。
keystone-manage fernet_setup
keystone-manage fernet_rotate