Hello
I use docker-compose to set up my Pulp server. There is SECRET_KEY in images/compose/assets/settings.py and images/compose/assets/certs/database_fields.symmetric.key.
I am wondering, what is the consequence if I change the two value?
Thanks in advance
You can check the docs on DB_ENCRYPTION_KEY . There are steps there for safely rotating the key, using pulpcore-manage rotate-db-key.
If you just blindly change the values on a running system, then anything encrypted with the old key will be unrecoverable - things like passwords and certificates in Remotes, for example - and you’ll have to update all affected fields by hand.
Let me just add a link to the same docs in our emerging docs environment:
https://staging-docs.pulpproject.org/pulpcore/docs/admin/learn/settings/#db_encryption_key
Hello @ggainey, thanks for pointing the doc 
The zero downtime DB key rotation works well, I just did it.
For the SECRET_KEY of Django , it seems depended on how the application uses it. So for pulp, what could be the effects if I change it?
I don’t think there are any. AFAIK csrf and session tokens are backed by them. Both are not needed in api-oparation using basic auth (Or Cert, External, …). So the effect would at least only be temporal.
I tested the change of DJANGO SECRET_KEY: docker compose down, change its value in settings/py, then docker composer up, didn’t see any problem.
As you said, no impact.