  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-16243

Steps to generate fernet key in "Deploying Red Hat OpenStack Services on OpenShift" are error-prone


    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • rhos-18.0.8
    • rhos-18.0.z
    • documentation
    • Moderate

      The following command is recommended in section "2.4. Providing secure access to the Red Hat OpenStack Services on OpenShift services" of "Deploying Red Hat OpenStack Services on OpenShift" to generate BarbicanSimpleCryptoKEK:

      python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode('UTF-8'))"
      

      The output of the command can't be used as is: if it contains dashes ("-") or underscores ("_"), then the following error will be thrown when trying to create a secret:

      # oc create -f 4_openstack_secret.yaml
      Error from server (BadRequest): error when creating "4_openstack_secret.yaml": Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 9 
      

      It is also possible to reproduce this using a simple base64 command:

      # python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode('UTF-8'))"
      1GCvbOPsykrUPBwm2eO1kXs4xtSrZ5jDCXUkr2_Z1Xc=
      # echo "1GCvbOPsykrUPBwm2eO1kXs4xtSrZ5jDCXUkr2_Z1Xc=" | base64 -d
      `lJ<&{8g        u$base64: invalid input
      

      Expected behavior
      Output can be used as is, or there are recommendations on how to convert it properly before it can be used.

      Bug impact
      Disturbs operators

      Known workaround
      Repeat command until output doesn't contain dashes or underscores

              rheslop@redhat.com Roger Heslop
              rhn-support-astupnik Alex Stupnikov
              rhos-dfg-security
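
An added example, not part of the original report or of the Red Hat documentation: it checks why the reported key is rejected (Fernet keys use the URL-safe base64 alphabet, while a Secret's `data` field is decoded with the standard one) and standard-base64 encodes the key text for that field. The function names are hypothetical, and it assumes the consuming service expects the key string itself as the secret value.

```python
import base64
import binascii

# Key string taken from the report above (it contains "_").
REPORTED_KEY = "1GCvbOPsykrUPBwm2eO1kXs4xtSrZ5jDCXUkr2_Z1Xc="


def is_standard_base64(value: str) -> bool:
    """True if value decodes with the standard alphabet (A-Z a-z 0-9 + /),
    which is what the failing `oc create` and `base64 -d` calls expect."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except binascii.Error:
        return False


def is_fernet_key(value: str) -> bool:
    """True if value decodes, URL-safe alphabet allowed, to exactly 32 bytes."""
    try:
        return len(base64.urlsafe_b64decode(value)) == 32
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False


def to_secret_data(key: str) -> str:
    """Standard-base64 encode the key text for a Secret `data` field.
    Assumption: the consumer wants the key string itself as the secret value."""
    if not is_fernet_key(key):
        raise ValueError("not a 32-byte URL-safe base64 key")
    return base64.b64encode(key.encode("ascii")).decode("ascii")


def roundtrip(key: str) -> str:
    """Decode the `data` value with the standard alphabet and return the text."""
    return base64.b64decode(to_secret_data(key), validate=True).decode("ascii")


if __name__ == "__main__":
    print("standard base64? ", is_standard_base64(REPORTED_KEY))
    print("valid Fernet key?", is_fernet_key(REPORTED_KEY))
    print("data value:      ", to_secret_data(REPORTED_KEY))
```

Running the first check against a generated key before writing it into the manifest catches the "illegal base64 data" failure without depending on which characters the random key happens to contain.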