632 lines
27 KiB
Plaintext
632 lines
27 KiB
Plaintext
# Andi Chandler <andi@gowling.com>, 2017. #zanata
|
|
# Andi Chandler <andi@gowling.com>, 2018. #zanata
|
|
# Andi Chandler <andi@gowling.com>, 2019. #zanata
|
|
# Andi Chandler <andi@gowling.com>, 2020. #zanata
|
|
# Andi Chandler <andi@gowling.com>, 2021. #zanata
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: Barbican Release Notes\n"
|
|
"Report-Msgid-Bugs-To: \n"
|
|
"POT-Creation-Date: 2021-04-26 11:38+0000\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
"PO-Revision-Date: 2021-04-01 09:03+0000\n"
|
|
"Last-Translator: Andi Chandler <andi@gowling.com>\n"
|
|
"Language-Team: English (United Kingdom)\n"
|
|
"Language: en_GB\n"
|
|
"X-Generator: Zanata 4.3.3\n"
|
|
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
|
|
|
|
msgid ""
|
|
"(For deployments overriding default policies) After upgrading, please review "
|
|
"Barbican policy files and ensure that you port any rules tied to `order:put` "
|
|
"are remapped to `orders:put`."
|
|
msgstr ""
|
|
"(For deployments overriding default policies) After upgrading, please review "
|
|
"Barbican policy files and ensure that you port any rules tied to `order:put` "
|
|
"are remapped to `orders:put`."
|
|
|
|
msgid "1.0.0-5"
|
|
msgstr "1.0.0-5"
|
|
|
|
msgid "10.0.0"
|
|
msgstr "10.0.0"
|
|
|
|
msgid "10.0.0-9"
|
|
msgstr "10.0.0-9"
|
|
|
|
msgid "11.0.0"
|
|
msgstr "11.0.0"
|
|
|
|
msgid "11.0.0-8"
|
|
msgstr "11.0.0-8"
|
|
|
|
msgid "2.0.0"
|
|
msgstr "2.0.0"
|
|
|
|
msgid "3.0.0"
|
|
msgstr "3.0.0"
|
|
|
|
msgid "4.0.0"
|
|
msgstr "4.0.0"
|
|
|
|
msgid "5.0.0"
|
|
msgstr "5.0.0"
|
|
|
|
msgid "6.0.0"
|
|
msgstr "6.0.0"
|
|
|
|
msgid "6.0.1-12"
|
|
msgstr "6.0.1-12"
|
|
|
|
msgid "7.0.0"
|
|
msgstr "7.0.0"
|
|
|
|
msgid "7.0.0-17"
|
|
msgstr "7.0.0-17"
|
|
|
|
msgid "8.0.0"
|
|
msgstr "8.0.0"
|
|
|
|
msgid "9.0.1-7"
|
|
msgstr "9.0.1-7"
|
|
|
|
msgid ""
|
|
"A new \"token_labels\" option has been added to the PKCS#11 driver which "
|
|
"supersedes the previous \"token_label\" option. The new option is used to "
|
|
"specify a list of tokens that can be used by Barbican. This is required for "
|
|
"some HSM devices that use separate tokens for load balancing. For most use "
|
|
"cases the new option will just have a single token. The old option is "
|
|
"deprecated, but will still be used if present."
|
|
msgstr ""
|
|
"A new \"token_labels\" option has been added to the PKCS#11 driver which "
|
|
"supersedes the previous \"token_label\" option. The new option is used to "
|
|
"specify a list of tokens that can be used by Barbican. This is required for "
|
|
"some HSM devices that use separate tokens for load balancing. For most use "
|
|
"cases the new option will just have a single token. The old option is "
|
|
"deprecated, but will still be used if present."
|
|
|
|
msgid ""
|
|
"Added a new boolean option to the PKCS#11 backend: `os_locking_ok`. When "
|
|
"set to True, the flag CKF_OS_LOCKING_OK will be passed to the C_Initialize "
|
|
"function. The new option defaults to False."
|
|
msgstr ""
|
|
"Added a new boolean option to the PKCS#11 backend: `os_locking_ok`. When "
|
|
"set to True, the flag CKF_OS_LOCKING_OK will be passed to the C_Initialize "
|
|
"function. The new option defaults to False."
|
|
|
|
msgid ""
|
|
"Added new options to the PKCS#11 Cryptographic Plugin configuration to "
|
|
"enable the use of different encryption and hmac mechanisms. Added support "
|
|
"for `CKM_AES_CBC` encryption in the PKCS#11 Cryptographic Plugin."
|
|
msgstr ""
|
|
"Added new options to the PKCS#11 Cryptographic Plugin configuration to "
|
|
"enable the use of different encryption and HMAC mechanisms. Added support "
|
|
"for `CKM_AES_CBC` encryption in the PKCS#11 Cryptographic Plugin."
|
|
|
|
msgid "Added new tool ``barbican-status upgrade check``."
|
|
msgstr "Added new tool ``barbican-status upgrade check``."
|
|
|
|
msgid ""
|
|
"Added two new subcommands to `barbican-manage hsm` that can query the HSM to "
|
|
"check if a MKEK or HMAC key with the given label already exists. See "
|
|
"`barbican-manage hsm check_mkek --help` and `barbican-manage hsm check_hmac "
|
|
"--help` for details."
|
|
msgstr ""
|
|
"Added two new subcommands to `barbican-manage hsm` that can query the HSM to "
|
|
"check if a MKEK or HMAC key with the given label already exists. See "
|
|
"`barbican-manage hsm check_mkek --help` and `barbican-manage hsm check_hmac "
|
|
"--help` for details."
|
|
|
|
msgid ""
|
|
"Added two options for the PKCS#11 Crypto Plugin: `[p11_crypto_plugin]/"
|
|
"token_serial_number` and `[p11_crypto_plugin]/token_label`. Both are "
|
|
"optional and can be used instead of `[p11_crypto_plugin]/slot_id` to "
|
|
"identify the Token to be used by the PKCS#11 plugin. When either one of the "
|
|
"new options is defined the plugin will search all slots on the PKCS#11 "
|
|
"device for a token that matches the given value. `token_serial_number` has "
|
|
"the highest precendence and other values will be ignored when this value is "
|
|
"set. If `token_serial_number` is not set, then `token_label` has the next "
|
|
"highest precedence and `slot_id` will be ignored. `slot_id` will be used "
|
|
"when neither one of the new options is set."
|
|
msgstr ""
|
|
"Added two options for the PKCS#11 Crypto Plugin: `[p11_crypto_plugin]/"
|
|
"token_serial_number` and `[p11_crypto_plugin]/token_label`. Both are "
|
|
"optional and can be used instead of `[p11_crypto_plugin]/slot_id` to "
|
|
"identify the Token to be used by the PKCS#11 plugin. When either one of the "
|
|
"new options is defined the plugin will search all slots on the PKCS#11 "
|
|
"device for a token that matches the given value. `token_serial_number` has "
|
|
"the highest precedence and other values will be ignored when this value is "
|
|
"set. If `token_serial_number` is not set, then `token_label` has the next "
|
|
"highest precedence and `slot_id` will be ignored. `slot_id` will be used "
|
|
"when neither one of the new options is set."
|
|
|
|
msgid "Barbican Release Notes"
|
|
msgstr "Barbican Release Notes"
|
|
|
|
msgid "Bug Fixes"
|
|
msgstr "Bug Fixes"
|
|
|
|
msgid ""
|
|
"By default barbican checks only the algorithm and the bit_length when "
|
|
"creating a new secret. The xts-mode cuts the key in half for aes, so for "
|
|
"using aes-256 with xts, you have to use a 512 bit key, but barbican allows "
|
|
"only a maximum of 256 bit. A check for the mode within the "
|
|
"_is_algorithm_supported method of the class SimpleCryptoPlugin was added to "
|
|
"allow 512 bit keys for aes-xts in this plugin."
|
|
msgstr ""
|
|
"By default Barbican checks only the algorithm and the bit_length when "
|
|
"creating a new secret. The xts-mode cuts the key in half for AES, so for "
|
|
"using AES-256 with xts, you have to use a 512 bit key, but barbican allows "
|
|
"only a maximum of 256 bit. A check for the mode within the "
|
|
"_is_algorithm_supported method of the class SimpleCryptoPlugin was added to "
|
|
"allow 512 bit keys for AES-XTS in this plugin."
|
|
|
|
msgid "CAs"
|
|
msgstr "CAs"
|
|
|
|
msgid "Certificate Orders"
|
|
msgstr "Certificate Orders"
|
|
|
|
msgid "Contents:"
|
|
msgstr "Contents:"
|
|
|
|
msgid "Critical Issues"
|
|
msgstr "Critical Issues"
|
|
|
|
msgid "Current Series Release Notes"
|
|
msgstr "Current Series Release Notes"
|
|
|
|
msgid ""
|
|
"Default for auto_db_create has been changed to False (was True). This is a "
|
|
"change compared to the previous behavior, but required to protect production "
|
|
"deployments from performing upgrades without control. If you wish to keep "
|
|
"the auto db creation/upgrade behavior, change this to True in your "
|
|
"configuration."
|
|
msgstr ""
|
|
"Default for auto_db_create has been changed to False (was True). This is a "
|
|
"change compared to the previous behaviour, but required to protect "
|
|
"production deployments from performing upgrades without control. If you wish "
|
|
"to keep the auto db creation/upgrade behaviour, change this to True in your "
|
|
"configuration."
|
|
|
|
msgid ""
|
|
"Deprecated the `generate_iv` option name. It has been renamed to "
|
|
"`aes_gcm_generate_iv` to reflect the fact that it only applies to the "
|
|
"CKM_AES_GCM mechanism."
|
|
msgstr ""
|
|
"Deprecated the `generate_iv` option name. It has been renamed to "
|
|
"`aes_gcm_generate_iv` to reflect the fact that it only applies to the "
|
|
"CKM_AES_GCM mechanism."
|
|
|
|
msgid ""
|
|
"Deprecated the `p11_crypto_plugin:algoritm` option. Users should update "
|
|
"their configuration to use `p11_crypto_plugin:encryption_mechanism` instead."
|
|
msgstr ""
|
|
"Deprecated the `p11_crypto_plugin:algoritm` option. Users should update "
|
|
"their configuration to use `p11_crypto_plugin:encryption_mechanism` instead."
|
|
|
|
msgid "Deprecation Notes"
|
|
msgstr "Deprecation Notes"
|
|
|
|
msgid "Fixed Story # 2007732: Migrations broken on MySQL 8.x."
|
|
msgstr "Fixed Story # 2007732: Migrations broken on MySQL 8.x."
|
|
|
|
msgid ""
|
|
"Fixed Story #2004734: Added a new option `always_set_cka_sensitive` to fix "
|
|
"a regression that affected Safenet HSMs. The option defaults to `True` as "
|
|
"required by Safenet HSMs. Other HSMs may require it be set to `False`."
|
|
msgstr ""
|
|
"Fixed Story #2004734: Added a new option `always_set_cka_sensitive` to fix "
|
|
"a regression that affected Safenet HSMs. The option defaults to `True` as "
|
|
"required by Safenet HSMs. Other HSMs may require it be set to `False`."
|
|
|
|
msgid ""
|
|
"Fixed Story #2004734: Added a new option 'hmac_keywrap_mechanism' to make "
|
|
"the mechanism used to calculate a HMAC from an wrapped PKEK configurable. "
|
|
"This was introduced because of an problem with Utimaco HSMs which throw an "
|
|
"'CKR_MECHANISM_INVALID' error, e.g. when a new PKEK is generated. For "
|
|
"Utimaco HSMs, 'hmac_keywrap_mechanism' should be set to 'CKM_AES_MAC' in "
|
|
"barbican.conf."
|
|
msgstr ""
|
|
"Fixed Story #2004734: Added a new option 'hmac_keywrap_mechanism' to make "
|
|
"the mechanism used to calculate a HMAC from an wrapped PKEK configurable. "
|
|
"This was introduced because of an problem with Utimaco HSMs which throw an "
|
|
"'CKR_MECHANISM_INVALID' error, e.g. when a new PKEK is generated. For "
|
|
"Utimaco HSMs, 'hmac_keywrap_mechanism' should be set to 'CKM_AES_MAC' in "
|
|
"barbican.conf."
|
|
|
|
msgid ""
|
|
"Fixed Story #2006978: An admin user now can delete other users secrets by "
|
|
"adjust the policy file."
|
|
msgstr ""
|
|
"Fixed Story #2006978: An admin user now can delete other users secrets by "
|
|
"adjust the policy file."
|
|
|
|
msgid ""
|
|
"Fixed Story #2008649: Correctly reinitialize PKCS11 object after secondary "
|
|
"failures."
|
|
msgstr ""
|
|
"Fixed Story #2008649: Correctly reinitialise PKCS11 object after secondary "
|
|
"failures."
|
|
|
|
msgid ""
|
|
"Fixed the response code for invalid subroutes for individual secrets. The "
|
|
"API was previously responding with the incorrect code \"406 - Method not "
|
|
"allowed\", but now responds correctly with \"404 - Not Found\"."
|
|
msgstr ""
|
|
"Fixed the response code for invalid subroutes for individual secrets. The "
|
|
"API was previously responding with the incorrect code \"406 - Method not "
|
|
"allowed\", but now responds correctly with \"404 - Not Found\"."
|
|
|
|
msgid ""
|
|
"If you are upgrading from previous version of barbican that uses the PKCS#11 "
|
|
"Cryptographic Plugin driver, you will need to run the migration script"
|
|
msgstr ""
|
|
"If you are upgrading from previous version of barbican that uses the PKCS#11 "
|
|
"Cryptographic Plugin driver, you will need to run the migration script"
|
|
|
|
msgid ""
|
|
"It is now possible for barbican-keystone-listener to listen on the same "
|
|
"standard notification topic without interfering with other services by using "
|
|
"the notification listener pools feature of oslo.messaging. To use it, set "
|
|
"the new ``[keystone_notifications]pool_name`` option to some unique value "
|
|
"(but the same for all instances of barbican-keystone-listener service). This "
|
|
"feature is available only for those messaging transports of oslo.messaging "
|
|
"that support it. At the moment those are rabbitmq and kafka. For more "
|
|
"details see `oslo.messagind docs <https://docs.openstack.org/oslo.messaging/"
|
|
"latest/reference/notification_listener.html>`_"
|
|
msgstr ""
|
|
"It is now possible for barbican-keystone-listener to listen on the same "
|
|
"standard notification topic without interfering with other services by using "
|
|
"the notification listener pools feature of oslo.messaging. To use it, set "
|
|
"the new ``[keystone_notifications]pool_name`` option to some unique value "
|
|
"(but the same for all instances of barbican-keystone-listener service). This "
|
|
"feature is available only for those messaging transports of oslo.messaging "
|
|
"that support it. At the moment those are RabbitMQ and Kafka. For more "
|
|
"details see `oslo.messagind docs <https://docs.openstack.org/oslo.messaging/"
|
|
"latest/reference/notification_listener.html>`_"
|
|
|
|
msgid "Known Issues"
|
|
msgstr "Known Issues"
|
|
|
|
msgid "Liberty Series Release Notes"
|
|
msgstr "Liberty Series Release Notes"
|
|
|
|
msgid ""
|
|
"Maintain the policy rules in code and add an oslo.policy CLI script in tox "
|
|
"to generate policy sample file. The script can be called like \"oslopolicy-"
|
|
"sample-generator --config-file=etc/oslo-config-generator/policy.conf\" and "
|
|
"will generate a policy.yaml.sample file with the effective policy."
|
|
msgstr ""
|
|
"Maintain the policy rules in code and add an oslo.policy CLI script in tox "
|
|
"to generate policy sample file. The script can be called like \"oslopolicy-"
|
|
"sample-generator --config-file=etc/oslo-config-generator/policy.conf\" and "
|
|
"will generate a policy.yaml.sample file with the effective policy."
|
|
|
|
msgid "Mitaka Series Release Notes"
|
|
msgstr "Mitaka Series Release Notes"
|
|
|
|
msgid "New Features"
|
|
msgstr "New Features"
|
|
|
|
msgid ""
|
|
"New feature to support multiple secret store plugin backends. This feature "
|
|
"is not enabled by default. To use this feature, the relevant feature flag "
|
|
"needs to be enabled and supporting configuration needs to be added in the "
|
|
"service configuration. Once enabled, a project adminstrator will be able to "
|
|
"specify one of the available secret store backends as a preferred secret "
|
|
"store for their project secrets. This secret store preference applies only "
|
|
"to new secrets (key material) created or stored within that project. "
|
|
"Existing secrets are not impacted. See http://docs.openstack.org/developer/"
|
|
"barbican/setup/plugin_backends.html for instructions on how to setup "
|
|
"Barbican multiple backends, and the API documentation for further details."
|
|
msgstr ""
|
|
"New feature to support multiple secret store plugin backends. This feature "
|
|
"is not enabled by default. To use this feature, the relevant feature flag "
|
|
"needs to be enabled and supporting configuration needs to be added in the "
|
|
"service configuration. Once enabled, a project administrator will be able to "
|
|
"specify one of the available secret store backends as a preferred secret "
|
|
"store for their project secrets. This secret store preference applies only "
|
|
"to new secrets (key material) created or stored within that project. "
|
|
"Existing secrets are not impacted. See http://docs.openstack.org/developer/"
|
|
"barbican/setup/plugin_backends.html for instructions on how to setup "
|
|
"Barbican multiple backends, and the API documentation for further details."
|
|
|
|
msgid ""
|
|
"New framework for ``barbican-status upgrade check`` command is added. This "
|
|
"framework allows adding various checks which can be run before a Barbican "
|
|
"upgrade to ensure if the upgrade can be performed safely."
|
|
msgstr ""
|
|
"New framework for ``barbican-status upgrade check`` command is added. This "
|
|
"framework allows adding various checks which can be run before a Barbican "
|
|
"upgrade to ensure if the upgrade can be performed safely."
|
|
|
|
msgid "Newton Series Release Notes"
|
|
msgstr "Newton Series Release Notes"
|
|
|
|
msgid ""
|
|
"Now within a single deployment, multiple secret store plugin backends can be "
|
|
"configured and used. With this change, a project adminstrator can pre-define "
|
|
"a preferred plugin backend for storing their secrets. New APIs are added to "
|
|
"manage this project level secret store preference."
|
|
msgstr ""
|
|
"Now within a single deployment, multiple secret store plugin backends can be "
|
|
"configured and used. With this change, a project administrator can pre-"
|
|
"define a preferred plugin backend for storing their secrets. New APIs are "
|
|
"added to manage this project level secret store preference."
|
|
|
|
msgid "Ocata Series Release Notes"
|
|
msgstr "Ocata Series Release Notes"
|
|
|
|
msgid ""
|
|
"Operator can now use new CLI tool ``barbican-status upgrade check`` to check "
|
|
"if Barbican deployment can be safely upgraded from N-1 to N release."
|
|
msgstr ""
|
|
"Operator can now use new CLI tool ``barbican-status upgrade check`` to check "
|
|
"if Barbican deployment can be safely upgraded from N-1 to N release."
|
|
|
|
msgid "Other Notes"
|
|
msgstr "Other Notes"
|
|
|
|
msgid "Pike Series Release Notes"
|
|
msgstr "Pike Series Release Notes"
|
|
|
|
msgid ""
|
|
"Port existing policy RuleDefault objects to the newer, more verbose "
|
|
"DocumentedRuleDefaults."
|
|
msgstr ""
|
|
"Port existing policy RuleDefault objects to the newer, more verbose "
|
|
"DocumentedRuleDefaults."
|
|
|
|
msgid "Prelude"
|
|
msgstr "Prelude"
|
|
|
|
msgid ""
|
|
"Python 2.7 support has been dropped. Last release of Barbican to support "
|
|
"python 2.7 is OpenStack Train. The minimum version of Python now supported "
|
|
"by Barbican is Python 3.6."
|
|
msgstr ""
|
|
"Python 2.7 support has been dropped. Last release of Barbican to support "
|
|
"python 2.7 is OpenStack Train. The minimum version of Python now supported "
|
|
"by Barbican is Python 3.6."
|
|
|
|
msgid "Queens Series Release Notes"
|
|
msgstr "Queens Series Release Notes"
|
|
|
|
msgid ""
|
|
"Remap the `order:put` to `orders:put` to align with language in the orders "
|
|
"controller."
|
|
msgstr ""
|
|
"Remap the `order:put` to `orders:put` to align with language in the orders "
|
|
"controller."
|
|
|
|
msgid ""
|
|
"Removed application/pkix media type because Barbican will not be using media "
|
|
"types for format conversion."
|
|
msgstr ""
|
|
"Removed application/pkix media type because Barbican will not be using media "
|
|
"types for format conversion."
|
|
|
|
msgid "Rocky Series Release Notes"
|
|
msgstr "Rocky Series Release Notes"
|
|
|
|
msgid "Start using reno to manage release notes."
|
|
msgstr "Start using reno to manage release notes."
|
|
|
|
msgid "Stein Series Release Notes"
|
|
msgstr "Stein Series Release Notes"
|
|
|
|
msgid ""
|
|
"The \"token_label\" option in the PKCS#11 driver is deprecated. Th new "
|
|
"\"token_labels\" option should be used instead. If present, \"token_label\" "
|
|
"will still be used by appending it to \"token_labels\"."
|
|
msgstr ""
|
|
"The \"token_label\" option in the PKCS#11 driver is deprecated. Th new "
|
|
"\"token_labels\" option should be used instead. If present, \"token_label\" "
|
|
"will still be used by appending it to \"token_labels\"."
|
|
|
|
msgid ""
|
|
"The 'barbican-db-manage' script is deprecated. Use the new 'barbican-"
|
|
"manage' utility instead."
|
|
msgstr ""
|
|
"The 'barbican-db-manage' script is deprecated. Use the new 'barbican-"
|
|
"manage' utility instead."
|
|
|
|
msgid ""
|
|
"The 'barbican-manage' tool can be used to manage database schema changes as "
|
|
"well as provision and rotate keys in the HSM backend."
|
|
msgstr ""
|
|
"The 'barbican-manage' tool can be used to manage database schema changes as "
|
|
"well as provision and rotate keys in the HSM backend."
|
|
|
|
msgid ""
|
|
"The 'http_proxy_to_wsgi' middleware can be used to help barbican respond "
|
|
"with the correct URL refs when it's put behind a TLS proxy (such as "
|
|
"HAProxy). This middleware is disabled by default, but can be enabled via a "
|
|
"configuration option in the oslo_middleware group."
|
|
msgstr ""
|
|
"The 'http_proxy_to_wsgi' middleware can be used to help Barbican respond "
|
|
"with the correct URL refs when it's put behind a TLS proxy (such as "
|
|
"HAProxy). This middleware is disabled by default, but can be enabled via a "
|
|
"configuration option in the oslo_middleware group."
|
|
|
|
msgid ""
|
|
"The 'pkcs11-kek-rewrap' script is deprecated. Use the new 'barbican-manage' "
|
|
"utility instead."
|
|
msgstr ""
|
|
"The 'pkcs11-kek-rewrap' script is deprecated. Use the new 'barbican-manage' "
|
|
"utility instead."
|
|
|
|
msgid ""
|
|
"The 'pkcs11-key-generation' script is deprecated. Use the new 'barbican-"
|
|
"manage' utility instead."
|
|
msgstr ""
|
|
"The 'pkcs11-key-generation' script is deprecated. Use the new 'barbican-"
|
|
"manage' utility instead."
|
|
|
|
msgid ""
|
|
"The Metadata API requires an update to the Database Schema. Existing "
|
|
"deployments that are being upgraded to Mitaka should use the 'barbican-"
|
|
"manage' utility to update the schema."
|
|
msgstr ""
|
|
"The Metadata API requires an update to the Database Schema. Existing "
|
|
"deployments that are being upgraded to Mitaka should use the 'barbican-"
|
|
"manage' utility to update the schema."
|
|
|
|
msgid ""
|
|
"The Mitaka release includes a new API to add arbitrary user-defined metadata "
|
|
"to Secrets."
|
|
msgstr ""
|
|
"The Mitaka release includes a new API to add arbitrary user-defined metadata "
|
|
"to Secrets."
|
|
|
|
msgid ""
|
|
"The barbican-api-paste.ini configuration file for the paste pipeline was "
|
|
"updated to add the http_proxy_to_wsgi middleware."
|
|
msgstr ""
|
|
"The barbican-api-paste.ini configuration file for the paste pipeline was "
|
|
"updated to add the http_proxy_to_wsgi middleware."
|
|
|
|
msgid ""
|
|
"The hsm subcommand for the barbican-manage command line tool no longer "
|
|
"requires any parameters at run time. If any value used by the PKCS#11 value "
|
|
"is needed it will be taken from /etc/barbican/barbican.conf. You may "
|
|
"continue to specify any values on the command line, and those will take "
|
|
"precedence over the values specified in barbican.conf, so any existing "
|
|
"scripts that use barbican-manage should continue to work as expected."
|
|
msgstr ""
|
|
"The hsm subcommand for the barbican-manage command line tool no longer "
|
|
"requires any parameters at run time. If any value used by the PKCS#11 value "
|
|
"is needed it will be taken from /etc/barbican/barbican.conf. You may "
|
|
"continue to specify any values on the command line, and those will take "
|
|
"precedence over the values specified in barbican.conf, so any existing "
|
|
"scripts that use barbican-manage should continue to work as expected."
|
|
|
|
msgid ""
|
|
"The service will encounter errors if you attempt to run this new release "
|
|
"using data stored by a previous version of the PKCS#11 Cryptographic Plugin "
|
|
"that has not yet been migrated for this release. The logged errors will "
|
|
"look like"
|
|
msgstr ""
|
|
"The service will encounter errors if you attempt to run this new release "
|
|
"using data stored by a previous version of the PKCS#11 Cryptographic Plugin "
|
|
"that has not yet been migrated for this release. The logged errors will "
|
|
"look like"
|
|
|
|
msgid "This release adds http_proxy_to_wsgi middleware to the pipeline."
|
|
msgstr "This release adds http_proxy_to_wsgi middleware to the pipeline."
|
|
|
|
msgid ""
|
|
"This release includes a new command line utility 'barbican-manage' that "
|
|
"consolidates and supersedes the separate HSM and database management scripts."
|
|
msgstr ""
|
|
"This release includes a new command line utility 'barbican-manage' that "
|
|
"consolidates and supersedes the separate HSM and database management scripts."
|
|
|
|
msgid ""
|
|
"This release includes significant improvements to the performance of the "
|
|
"PKCS#11 Cryptographic Plugin driver. These changes will require a data "
|
|
"migration of any existing data stored by previous versions of the PKCS#11 "
|
|
"backend."
|
|
msgstr ""
|
|
"This release includes significant improvements to the performance of the "
|
|
"PKCS#11 Cryptographic Plugin driver. These changes will require a data "
|
|
"migration of any existing data stored by previous versions of the PKCS#11 "
|
|
"backend."
|
|
|
|
msgid ""
|
|
"This release notify that we will remove Certificate Orders and CAs from API."
|
|
msgstr ""
|
|
"This release notify that we will remove Certificate Orders and CAs from the "
|
|
"API."
|
|
|
|
msgid "Train Series Release Notes"
|
|
msgstr "Train Series Release Notes"
|
|
|
|
msgid "Upgrade Notes"
|
|
msgstr "Upgrade Notes"
|
|
|
|
msgid "Ussuri Series Release Notes"
|
|
msgstr "Ussuri Series Release Notes"
|
|
|
|
msgid "Victoria Series Release Notes"
|
|
msgstr "Victoria Series Release Notes"
|
|
|
|
msgid ""
|
|
"Why are we deprecating Certificate Issuance? There are a few reasons that "
|
|
"were considered for this decision. First, there does not seem to be a lot "
|
|
"of interest in the community to fully develop the Certificate Authority "
|
|
"integration with Barbican. We have a few outstanding blueprints that are "
|
|
"needed to make Certificate Issuance fully functional, but so far no one has "
|
|
"committed to getting the work done. Additionally, we've had very little buy-"
|
|
"in from public Certificate Authorities. Both Symantec and Digicert were "
|
|
"interested in integration in the past, but that interest didn't materialize "
|
|
"into robust CA plugins like we hoped it would. Secondly, there have been new "
|
|
"developments in the space of Certificate Authorities since we started "
|
|
"Barbican. The most significant of these was the launch of the Let's Encrypt "
|
|
"public CA along with the definition of the ACME protocol for certificate "
|
|
"issuance. We believe that future certificate authority services would do "
|
|
"good to implement the ACME standard, which is quite different than the API "
|
|
"the Barbican team had developed. Lastly, deprecating Certificate Issuance "
|
|
"within Barbican will simplify both the architecture and deployment of "
|
|
"Barbican. This will allow us to focus on the features that Barbican does "
|
|
"well -- the secure storage of secret material."
|
|
msgstr ""
|
|
"Why are we deprecating Certificate Issuance? There are a few reasons that "
|
|
"were considered for this decision. First, there does not seem to be a lot "
|
|
"of interest in the community to fully develop the Certificate Authority "
|
|
"integration with Barbican. We have a few outstanding blueprints that are "
|
|
"needed to make Certificate Issuance fully functional, but so far no one has "
|
|
"committed to getting the work done. Additionally, we've had very little buy-"
|
|
"in from public Certificate Authorities. Both Symantec and Digicert were "
|
|
"interested in integration in the past, but that interest didn't materialise "
|
|
"into robust CA plugins like we hoped it would. Secondly, there have been new "
|
|
"developments in the space of Certificate Authorities since we started "
|
|
"Barbican. The most significant of these was the launch of the Let's Encrypt "
|
|
"public CA along with the definition of the ACME protocol for certificate "
|
|
"issuance. We believe that future certificate authority services would do "
|
|
"good to implement the ACME standard, which is quite different than the API "
|
|
"the Barbican team had developed. Lastly, deprecating Certificate Issuance "
|
|
"within Barbican will simplify both the architecture and deployment of "
|
|
"Barbican. This will allow us to focus on the features that Barbican does "
|
|
"well -- the secure storage of secret material."
|
|
|
|
msgid ""
|
|
"Will Barbican still be able to store Certificates? Yes, absolutely! The "
|
|
"only thing we're deprecating is the plugin interface that talks to "
|
|
"Certificate Authorities and associated APIs. While you will not be able to "
|
|
"use Barbican to issue a new certificate, you will always be able to securely "
|
|
"store any certificates in Barbican, including those issued by public CAs or "
|
|
"internal CAs."
|
|
msgstr ""
|
|
"Will Barbican still be able to store Certificates? Yes, absolutely! The "
|
|
"only thing we're deprecating is the plugin interface that talks to "
|
|
"Certificate Authorities and associated APIs. While you will not be able to "
|
|
"use Barbican to issue a new certificate, you will always be able to securely "
|
|
"store any certificates in Barbican, including those issued by public CAs or "
|
|
"internal CAs."
|
|
|
|
msgid ""
|
|
"``'P11CryptoPluginException: HSM returned response code: 0xc0L "
|
|
"CKR_SIGNATURE_INVALID'``"
|
|
msgstr ""
|
|
"``'P11CryptoPluginException: HSM returned response code: 0xc0L "
|
|
"CKR_SIGNATURE_INVALID'``"
|
|
|
|
msgid "``python barbican/cmd/pkcs11_migrate_kek_signatures.py``"
|
|
msgstr "``python barbican/cmd/pkcs11_migrate_kek_signatures.py``"
|
|
|
|
msgid ""
|
|
"default value of 'control_exchange' in 'barbican.conf' has been changed to "
|
|
"'keystone'."
|
|
msgstr ""
|
|
"default value of 'control_exchange' in 'barbican.conf' has been changed to "
|
|
"'keystone'."
|
|
|
|
msgid ""
|
|
"oslo-config-generator is now used to generate a barbican.conf.sample file"
|
|
msgstr ""
|
|
"oslo-config-generator is now used to generate a barbican.conf.sample file"
|