Search

Chapter 13. Key Manager (barabican) Parameters

download PDF
ParameterDescription

ATOSVars

Hash of atos-hsm role variables used to install ATOS client software.

BarbicanDogtagStoreGlobalDefault

Whether this plugin is the global default plugin. The default value is False.

BarbicanDogtagStoreHost

Hostname of the Dogtag server.

BarbicanDogtagStoreNSSPassword

Password for the NSS DB.

BarbicanDogtagStorePEMPath

Path for the PEM file used to authenticate requests. The default value is /etc/barbican/kra_admin_cert.pem.

BarbicanDogtagStorePort

Port for the Dogtag server. The default value is 8443.

BarbicanKmipStoreGlobalDefault

Whether this plugin is the global default plugin. The default value is False.

BarbicanKmipStoreHost

Host for KMIP device.

BarbicanKmipStorePassword

Password to connect to KMIP device.

BarbicanKmipStorePort

Port for KMIP device.

BarbicanKmipStoreUsername

Username to connect to KMIP device.

BarbicanPassword

The password for the OpenStack Key Manager (barbican) service account.

BarbicanPkcs11AlwaysSetCkaSensitive

Always set CKA_SENSITIVE=CK_TRUE. The default value is True.

BarbicanPkcs11CryptoAESGCMGenerateIV

Generate IVs for CKM_AES_GCM encryption mechanism. The default value is True.

BarbicanPkcs11CryptoATOSEnabled

Enable ATOS for PKCS11. The default value is False.

BarbicanPkcs11CryptoEnabled

Enable PKCS11. The default value is False.

BarbicanPkcs11CryptoEncryptionMechanism

Cryptoki Mechanism used for encryption. The default value is CKM_AES_CBC.

BarbicanPkcs11CryptoGlobalDefault

Whether this plugin is the global default plugin. The default value is False.

BarbicanPkcs11CryptoHMACKeyType

Cryptoki Key Type for Master HMAC key. The default value is CKK_AES.

BarbicanPkcs11CryptoHMACKeygenMechanism

Cryptoki Mechanism used to generate Master HMAC Key. The default value is CKM_AES_KEY_GEN.

BarbicanPkcs11CryptoHMACLabel

Label for the HMAC key.

BarbicanPkcs11CryptoLibraryPath

Path to vendor PKCS11 library.

BarbicanPkcs11CryptoLogin

Password to login to PKCS11 session.

BarbicanPkcs11CryptoMKEKLabel

Label for Master KEK.

BarbicanPkcs11CryptoMKEKLength

Length of Master KEK in bytes. The default value is 256.

BarbicanPkcs11CryptoRewrapKeys

Cryptoki Mechanism used to generate Master HMAC Key. The default value is False.

BarbicanPkcs11CryptoSlotId

Slot Id for the HSM. The default value is 0.

BarbicanPkcs11CryptoThalesEnabled

Enable Thales for PKCS11. The default value is False.

BarbicanSimpleCryptoGlobalDefault

Whether this plugin is the global default plugin. The default value is False.

BarbicanSimpleCryptoKek

KEK used to encrypt secrets.

BarbicanWorkers

Set the number of workers for barbican::wsgi::apache. The default value is %{::processorcount}.

DeployIdentifier

Setting this to a unique value will re-run any deployment tasks which perform configuration on a OpenStack Orchestration (heat) stack-update.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is messagingv2.

ThalesHSMNetworkName

The network that the HSM is listening on. The default value is internal_api.

ThalesVars

Hash of thales-hsm role variables used to install Thales client software.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.