charm-barbican/src/config.yaml
tpsilva 97fa818412 Add use-public-endpoint config option
Currently, this charm sets the host_href config option with the
admin endpoint. This patch adds a config option to allow it to be
configured to use the public endpoint, so that the secrets could
be accessible through this endpoint.

Closes-bug: #1642769
Change-Id: Ice7131459753f15e1184c687a24301689df338e2
(cherry picked from commit c3bb1bb650)
2022-07-01 19:40:12 +00:00

49 lines
1.5 KiB
YAML

options:
require-hsm-plugin:
default: False
type: boolean
description: |
If True (the default) then the barbcian-worker process won't be fully
functional until an HSM is associated with the charm. The charm will
remain in the blocked state until an HSM is available.
label-mkek:
default: primarymkek
type: string
description: |
This is the label for the primary MKEK (Master Key Encryption Key) stored
in the HSM that is used by Barbican to wrap other encryption keys that
are provided to projects.
Note the assocated action 'generate-mkek' is used to create an MKEK when
initialising a system.
mkek-key-length:
default: 32
type: int
description: The length for generating an MKEK
label-hmac:
default: primaryhmac
type: string
description: |
This is the label for the primary HMAC (keyed-hash message authentication
code) stored in the HSM that is used by Barbican to wrap other HMACs that
are provided to projects.
Note the assocated action 'generate-hmac' is used to create an HMAC when
initialising a system.
hmac-key-length:
default: 32
type: int
description: The length for generating an HMAC
max-allowed-secret-size:
default: 20000
type: int
description: |
Maximum allowed secret size in bytes.
max-allowed-request-size:
default: 25000
type: int
description: |
Maximum allowed http request size against the barbican-api.
use-internal-endpoints:
default: True