37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
options:
|
|
require-hsm-plugin:
|
|
default: False
|
|
type: boolean
|
|
description: |
|
|
If True (the default) then the barbcian-worker process won't be fully
|
|
functional until an HSM is associated with the charm. The charm will
|
|
remain in the blocked state until an HSM is available.
|
|
label-mkek:
|
|
default: primarymkek
|
|
type: string
|
|
description: |
|
|
This is the label for the primary MKEK (Master Key Encryption Key) stored
|
|
in the HSM that is used by Barbican to wrap other encryption keys that
|
|
are provided to projects.
|
|
|
|
Note the assocated action 'generate-mkek' is used to create an MKEK when
|
|
initialising a system.
|
|
mkek-key-length:
|
|
default: 32
|
|
type: int
|
|
description: The length for generating an MKEK
|
|
label-hmac:
|
|
default: primaryhmac
|
|
type: string
|
|
description: |
|
|
This is the label for the primary HMAC (keyed-hash message authentication
|
|
code) stored in the HSM that is used by Barbican to wrap other HMACs that
|
|
are provided to projects.
|
|
|
|
Note the assocated action 'generate-hmac' is used to create an HMAC when
|
|
initialising a system.
|
|
hmac-key-length:
|
|
default: 32
|
|
type: int
|
|
description: The length for generating an HMAC
|