Chapter 13. Key Manager (barbican) Parameters
| Parameter | Description |
|---|---|
|
| Override the private key size used when creating the certificate for this service. |
|
| Hash of atos-hsm role variables used to install ATOS client software. |
|
|
Whether this plugin is the global default plugin. The default value is |
|
| Hostname of the Dogtag server. |
|
| Password for the NSS DB. |
|
|
Path for the PEM file used to authenticate requests. The default value is |
|
|
Port for the Dogtag server. The default value is |
|
|
Whether this plugin is the global default plugin. The default value is |
|
| Host for KMIP device. |
|
| Password to connect to KMIP device. |
|
| Port for KMIP device. |
|
| Username to connect to KMIP device. |
|
| The password for the OpenStack Key Manager (barbican) service account. |
|
|
Always set CKA_SENSITIVE=CK_TRUE. The default value is |
|
|
Generate IVs for CKM_AES_GCM encryption mechanism. The default value is |
|
|
Enable ATOS for PKCS11. The default value is |
|
|
Enable PKCS11. The default value is |
|
|
Cryptoki Mechanism used for encryption. The default value is |
|
|
Whether this plugin is the global default plugin. The default value is |
|
|
Cryptoki Mechanism used to generate Master HMAC Key. The default value is |
|
|
Cryptoki Key Type for Master HMAC key. The default value is |
|
| Label for the HMAC key. |
|
| Path to vendor PKCS11 library. |
|
| Password (PIN) to login to PKCS#11 session. |
|
|
Enable Luna SA HSM for PKCS11. The default value is |
|
| Label for Master KEK. |
|
|
Length of Master KEK in bytes. The default value is |
|
|
Set CKF_OS_LOCKING_OK flag when initializing the client library. The default value is |
|
|
Cryptoki Mechanism used to generate Master HMAC Key. The default value is |
|
|
Slot Id for the PKCS#11 token to be used. The default value is |
|
|
Enable Thales for PKCS11. The default value is |
|
| (DEPRECATED) Use BarbicanPkcs11CryptoTokenLabels instead. |
|
| List of comma separated labels for the tokens to be used. This is typically a single label, but some devices may require more than one label for Load Balancing and High Availability configurations. |
|
| Serial number for PKCS#11 token to be used. |
|
|
Whether this plugin is the global default plugin. The default value is |
|
| KEK used to encrypt secrets. |
|
|
Set the number of workers for barbican::wsgi::apache. The default value is |
|
|
Specifies the private key size used when creating the certificate. The default value is |
|
| (Optional) When set OpenStack Key Manager (barbican) nodes will be registered with the HSMs using the IP from this network instead of the FQDN. |
|
| Hash of lunasa-hsm role variables used to install Lunasa client software. |
|
|
Use the advanced (eventlet safe) memcached client pool. The default value is |
|
|
Driver or drivers to handle sending notifications. The default value is |
|
|
The network that the HSM is listening on. The default value is |
|
| Hash of thales-hsm role variables used to install Thales client software. |
