NCM::Component::openstack::key-manager - barbican¶
Types¶
- /software/components/openstack/openstack_barbican_secretstore_plugin
- /software/components/openstack/openstack_barbican_DEFAULTS
- Description: Barbican default section
- /software/components/openstack/openstack_barbican_DEFAULTS/sql_connection
- Description: SQLAlchemy connection string for the reference implementation registry server. Any valid SQLAlchemy connection string is fine. For some weird reason Barbican does not use the [database] section
- Required
- Type: string
- /software/components/openstack/openstack_barbican_DEFAULTS/host_href
- Description: Host name, for use in HATEOAS-style references. Note: Typically this would be the load balanced endpoint that clients would use to communicate back with this service. If a deployment wants to derive host from wsgi request instead then make this blank. Blank is needed to override default config value which is ‘http://localhost:9311’
- Optional
- Type: type_absoluteURI
- Default value: http://localhost:9311
- /software/components/openstack/openstack_barbican_secretstore
- Description: Barbican secretstore section
- /software/components/openstack/openstack_barbican_secretstore/namespace
- Description: Extension namespace to search for plugins
- Required
- Type: string
- Default value: barbican.secretstore.plugin
- /software/components/openstack/openstack_barbican_secretstore/enabled_secretstore_plugins
- Description: List of secret store plugins to load
- Required
- Type: openstack_barbican_secretstore_plugin
- /software/components/openstack/openstack_barbican_crypto
- Description: Barbican crypto section
- /software/components/openstack/openstack_barbican_crypto/enabled_crypto_plugins
- Description: List of crypto plugins to load
- Required
- Type: string
- /software/components/openstack/openstack_barbican_simple_crypto_plugin
- Description: Barbican simple_crypto_plugin section
- /software/components/openstack/openstack_barbican_simple_crypto_plugin/namespace
- Description: Extension namespace to search for plugins
- Required
- Type: string
- Default value: barbican.crypto.plugin
- /software/components/openstack/openstack_barbican_simple_crypto_plugin/kek
- Description: Key encryption key to be used by Simple Crypto Plugin. It should be a 32-byte value which is base64 encoded (openssl rand -base64 32)
- Required
- Type: string
- /software/components/openstack/openstack_barbican_certificate
- Description: Barbican certificate section
- /software/components/openstack/openstack_barbican_certificate/namespace
- Description: Extension namespace to search for plugins
- Required
- Type: string
- Default value: barbican.certificate.plugin
- /software/components/openstack/openstack_barbican_certificate/enabled_certificate_plugins
- Description: List of certificate plugins to load
- Required
- Type: string
- /software/components/openstack/openstack_barbican_dogtag_plugin
- Description: Barbican dogtag_plugin section
- /software/components/openstack/openstack_barbican_dogtag_plugin/pem_path
- Description: Path to PEM file for authentication
- Required
- Type: absolute_file_path
- /software/components/openstack/openstack_barbican_dogtag_plugin/dogtag_host
- Description: Hostname for the Dogtag instance
- Required
- Type: type_hostname
- /software/components/openstack/openstack_barbican_dogtag_plugin/dogtag_port
- Description: Port for the Dogtag instance
- Required
- Type: type_port
- Default value: 8443
- /software/components/openstack/openstack_barbican_dogtag_plugin/nss_db_path
- Description: Path to the NSS certificate database
- Required
- Type: absolute_file_path
- Default value: /etc/barbican/alias
- /software/components/openstack/openstack_barbican_dogtag_plugin/nss_db_path_ca
- Optional
- Type: absolute_file_path
- /software/components/openstack/openstack_barbican_dogtag_plugin/nss_password
- Description: Password for the NSS certificate databases
- Required
- Type: string
- /software/components/openstack/openstack_barbican_dogtag_plugin/simple_cmc_profile
- Description: Profile for simple CMC requests
- Required
- Type: string
- Default value: caOtherCert
- /software/components/openstack/openstack_barbican_dogtag_plugin/ca_expiration_time
- Description: Time in days for CA entries to expire
- Optional
- Type: long
- Range: 1..
- /software/components/openstack/openstack_barbican_dogtag_plugin/plugin_working_dir
- Description: Working directory for Dogtag plugin
- Optional
- Type: absolute_file_path
- /software/components/openstack/openstack_barbican_kmip_plugin
- Description: Barbican kmip_plugin section
- /software/components/openstack/openstack_barbican_kmip_plugin/username
- Description: Username for authenticating with KMIP server
- Required
- Type: string
- Default value: admin
- /software/components/openstack/openstack_barbican_kmip_plugin/password
- Description: Password for authenticating with KMIP server
- Required
- Type: string
- /software/components/openstack/openstack_barbican_kmip_plugin/host
- Description: Address of the KMIP server
- Required
- Type: type_hostname
- /software/components/openstack/openstack_barbican_kmip_plugin/port
- Description: Port for the KMIP server
- Required
- Type: type_port
- Default value: 5696
- /software/components/openstack/openstack_barbican_kmip_plugin/keyfile
- Description: File path to local client certificate keyfile
- Required
- Type: absolute_file_path
- /software/components/openstack/openstack_barbican_kmip_plugin/certfile
- Description: File path to local client certificate
- Required
- Type: absolute_file_path
- /software/components/openstack/openstack_barbican_kmip_plugin/ca_certs
- Description: File path to concatenated “certification authority” certificates
- Required
- Type: absolute_file_path
- /software/components/openstack/openstack_quattor_barbican
- /software/components/openstack/openstack_barbican_config
- Description: list of Barbican configuration sections
- /software/components/openstack/openstack_barbican_config/DEFAULT
- Required
- Type: openstack_barbican_DEFAULTS
- /software/components/openstack/openstack_barbican_config/keystone_authtoken
- Required
- Type: openstack_keystone_authtoken
- /software/components/openstack/openstack_barbican_config/secretstore
- Required
- Type: openstack_barbican_secretstore
- /software/components/openstack/openstack_barbican_config/crypto
- Optional
- Type: openstack_barbican_crypto
- /software/components/openstack/openstack_barbican_config/simple_crypto_plugin
- Optional
- Type: openstack_barbican_simple_crypto_plugin
- /software/components/openstack/openstack_barbican_config/certificate
- Optional
- Type: openstack_barbican_certificate
- /software/components/openstack/openstack_barbican_config/dogtag_plugin
- Optional
- Type: openstack_barbican_dogtag_plugin
- /software/components/openstack/openstack_barbican_config/kmip_plugin
- Optional
- Type: openstack_barbican_kmip_plugin
- /software/components/openstack/openstack_barbican_config/quattor
- Required
- Type: openstack_quattor_barbican