Merge "Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive"
commit
733a7f4ee9
docker/services
environments
puppet/services
releasenotes/notes
@ -95,6 +95,10 @@ parameters:
|
|||||||
description: Cryptoki Mechanism used to generate Master HMAC Key
|
description: Cryptoki Mechanism used to generate Master HMAC Key
|
||||||
type: string
|
type: string
|
||||||
default: 'CKM_AES_KEY_GEN'
|
default: 'CKM_AES_KEY_GEN'
|
||||||
|
BarbicanPkcs11AlwaysSetCkaSensitive:
|
||||||
|
description: Always set CKA_SENSITIVE=CK_TRUE
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
ThalesHSMNetworkName:
|
ThalesHSMNetworkName:
|
||||||
description: The network that the HSM is listening on.
|
description: The network that the HSM is listening on.
|
||||||
type: string
|
type: string
|
||||||
|
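Review bot: The description on the new `BarbicanPkcs11AlwaysSetCkaSensitive` parameter, `Always set CKA_SENSITIVE=CK_TRUE`, does not say which objects it applies to or what changes when the value is `false`. Something like `description: Always set CKA_SENSITIVE=CK_TRUE on keys created through the PKCS#11 plugin; when false the attribute is not forced on every key` would make the trade-off visible to an operator (wording to be confirmed against the Barbican option help). The same parameter and default are declared again in the `@ -72,6 +72,10 @@` hunk further down, so the two descriptions and defaults need to be kept in step. The `parameters:` block starts and ends outside this hunk.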
@ -17,6 +17,7 @@ parameter_defaults:
|
|||||||
BarbicanPkcs11CryptoHMACLabel: 'barbican_hmac_0'
|
BarbicanPkcs11CryptoHMACLabel: 'barbican_hmac_0'
|
||||||
BarbicanPkcs11CryptoATOSEnabled: true
|
BarbicanPkcs11CryptoATOSEnabled: true
|
||||||
BarbicanPkcs11CryptoEnabled: true
|
BarbicanPkcs11CryptoEnabled: true
|
||||||
|
BarbicanPkcs11AlwaysSetCkaSensitive: false
|
||||||
ATOSVars:
|
ATOSVars:
|
||||||
atos_client_working_dir: /tmp/atos_client_install
|
atos_client_working_dir: /tmp/atos_client_install
|
||||||
# atos_client_iso_location:
|
# atos_client_iso_location:
|
||||||
|
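Review bot: `BarbicanPkcs11AlwaysSetCkaSensitive: false` is set here with no comment saying why, and the same line is added in the `@ -18,6 +18,7 @@` hunk next to `BarbicanPkcs11CryptoThalesEnabled`. CKA_SENSITIVE is the PKCS#11 attribute that stops a key's value from being revealed in plaintext outside the token, so switching the forced setting off is a security-relevant choice that operators copying this file inherit silently. Presumably it is needed for compatibility with the vendor's PKCS#11 library, but the page does not say. A comment above the line, e.g. `# CKA_SENSITIVE is not forced on this HSM: <reason>`, and a sentence in the release note (which only mentions the `true` default) would document the deviation.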
@ -18,6 +18,7 @@ parameter_defaults:
|
|||||||
BarbicanPkcs11CryptoHMACLabel: 'barbican_hmac_0'
|
BarbicanPkcs11CryptoHMACLabel: 'barbican_hmac_0'
|
||||||
BarbicanPkcs11CryptoThalesEnabled: true
|
BarbicanPkcs11CryptoThalesEnabled: true
|
||||||
BarbicanPkcs11CryptoEnabled: true
|
BarbicanPkcs11CryptoEnabled: true
|
||||||
|
BarbicanPkcs11AlwaysSetCkaSensitive: false
|
||||||
ThalesVars:
|
ThalesVars:
|
||||||
thales_client_working_dir: /tmp/thales_client_install
|
thales_client_working_dir: /tmp/thales_client_install
|
||||||
# thales_client_tarball_location: URI where the CipherTools tarball can be downloaded.
|
# thales_client_tarball_location: URI where the CipherTools tarball can be downloaded.
|
||||||
|
@ -12,6 +12,7 @@ parameter_defaults:
|
|||||||
# BarbicanPkcs11CryptoSlotId: Slot Id for the HSM
|
# BarbicanPkcs11CryptoSlotId: Slot Id for the HSM
|
||||||
# BarbicanPkcs11CryptoGlobalDefault: Whether this plugin is the global default plugin
|
# BarbicanPkcs11CryptoGlobalDefault: Whether this plugin is the global default plugin
|
||||||
BarbicanPkcs11CryptoEnabled: true
|
BarbicanPkcs11CryptoEnabled: true
|
||||||
|
BarbicanPkcs11AlwaysSetCkaSensitive: true
|
||||||
|
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: ../puppet/services/barbican-backend-pkcs11-crypto.yaml
|
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: ../puppet/services/barbican-backend-pkcs11-crypto.yaml
|
||||||
|
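Review bot: The commented parameter list in this environment file gets no entry for the new key: the context lines document `BarbicanPkcs11CryptoSlotId` and `BarbicanPkcs11CryptoGlobalDefault`, but `BarbicanPkcs11AlwaysSetCkaSensitive: true` is added bare. Adding `# BarbicanPkcs11AlwaysSetCkaSensitive: Always set CKA_SENSITIVE=CK_TRUE on keys` to that list would keep the file self-describing. The comment list begins outside the hunk, so the exact position has to be checked there.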
@ -72,6 +72,10 @@ parameters:
|
|||||||
description: Generate IVs for CKM_AES_GCM encryption mechanism
|
description: Generate IVs for CKM_AES_GCM encryption mechanism
|
||||||
type: boolean
|
type: boolean
|
||||||
default: true
|
default: true
|
||||||
|
BarbicanPkcs11AlwaysSetCkaSensitive:
|
||||||
|
description: Always set CKA_SENSITIVE=CK_TRUE
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
BarbicanPkcs11CryptoGlobalDefault:
|
BarbicanPkcs11CryptoGlobalDefault:
|
||||||
description: Whether this plugin is the global default plugin
|
description: Whether this plugin is the global default plugin
|
||||||
type: boolean
|
type: boolean
|
||||||
@ -93,4 +97,5 @@ outputs:
|
|||||||
barbican::plugins::p11_crypto::p11_crypto_plugin_hmac_key_type: {get_param: BarbicanPkcs11CryptoHMACKeyType}
|
barbican::plugins::p11_crypto::p11_crypto_plugin_hmac_key_type: {get_param: BarbicanPkcs11CryptoHMACKeyType}
|
||||||
barbican::plugins::p11_crypto::p11_crypto_plugin_hmac_keygen_mechanism: {get_param: BarbicanPkcs11CryptoHMACKeygenMechanism}
|
barbican::plugins::p11_crypto::p11_crypto_plugin_hmac_keygen_mechanism: {get_param: BarbicanPkcs11CryptoHMACKeygenMechanism}
|
||||||
barbican::plugins::p11_crypto::p11_crypto_plugin_aes_gcm_generate_iv: {get_param: BarbicanPkcs11CryptoAESGCMGenerateIV}
|
barbican::plugins::p11_crypto::p11_crypto_plugin_aes_gcm_generate_iv: {get_param: BarbicanPkcs11CryptoAESGCMGenerateIV}
|
||||||
|
barbican::plugins::p11_crypto::p11_crypto_plugin_always_set_cka_sensitive: {get_param: BarbicanPkcs11AlwaysSetCkaSensitive}
|
||||||
barbican::plugins::p11_crypto::global_default: {get_param: BarbicanPkcs11CryptoGlobalDefault}
|
barbican::plugins::p11_crypto::global_default: {get_param: BarbicanPkcs11CryptoGlobalDefault}
|
||||||
|
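Review bot: The new parameter name `BarbicanPkcs11AlwaysSetCkaSensitive` drops the `Crypto` segment that every neighbouring parameter in these hunks carries (`BarbicanPkcs11CryptoAESGCMGenerateIV`, `BarbicanPkcs11CryptoHMACKeygenMechanism`, `BarbicanPkcs11CryptoGlobalDefault`), although the hiera key it feeds is `p11_crypto_plugin_always_set_cka_sensitive`. `BarbicanPkcs11CryptoAlwaysSetCkaSensitive` would match the existing convention and be easier to find by prefix when auditing HSM settings. If the shorter name is kept, a short comment saying so would head off a later rename that breaks existing environment files. Both the `parameters:` and `outputs:` blocks extend beyond the hunks shown.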
5
releasenotes/notes/added-new-barbican-option-always-set-cka-sensitive-7a9dc31290899cac.yaml
Normal file
5
releasenotes/notes/added-new-barbican-option-always-set-cka-sensitive-7a9dc31290899cac.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added a new Barbican option `BarbicanPkcs11AlwaysSetCkaSensitive`. The
|
||||||
|
default value is `true`.
|