options: require-hsm-plugin: default: False type: boolean description: | If True (the default) then the barbcian-worker process won't be fully functional until an HSM is associated with the charm. The charm will remain in the blocked state until an HSM is available. label-mkek: default: primarymkek type: string description: | This is the label for the primary MKEK (Master Key Encryption Key) stored in the HSM that is used by Barbican to wrap other encryption keys that are provided to projects. Note the assocated action 'generate-mkek' is used to create an MKEK when initialising a system. mkek-key-length: default: 32 type: int description: The length for generating an MKEK label-hmac: default: primaryhmac type: string description: | This is the label for the primary HMAC (keyed-hash message authentication code) stored in the HSM that is used by Barbican to wrap other HMACs that are provided to projects. Note the assocated action 'generate-hmac' is used to create an HMAC when initialising a system. hmac-key-length: default: 32 type: int description: The length for generating an HMAC max-allowed-secret-size: default: 20000 type: int description: | Maximum allowed secret size in bytes. max-allowed-request-size: default: 25000 type: int description: | Maximum allowed http request size against the barbican-api. use-internal-endpoints: default: True