97fa818412
Currently, this charm sets the host_href config option with the
admin endpoint. This patch adds a config option to allow it to be
configured to use the public endpoint, so that the secrets could
be accessible through this endpoint.
Closes-bug: #1642769
Change-Id: Ice7131459753f15e1184c687a24301689df338e2
(cherry picked from commit c3bb1bb650
)
49 lines
1.5 KiB
YAML
49 lines
1.5 KiB
YAML
options:
|
|
require-hsm-plugin:
|
|
default: False
|
|
type: boolean
|
|
description: |
|
|
If True (the default) then the barbcian-worker process won't be fully
|
|
functional until an HSM is associated with the charm. The charm will
|
|
remain in the blocked state until an HSM is available.
|
|
label-mkek:
|
|
default: primarymkek
|
|
type: string
|
|
description: |
|
|
This is the label for the primary MKEK (Master Key Encryption Key) stored
|
|
in the HSM that is used by Barbican to wrap other encryption keys that
|
|
are provided to projects.
|
|
|
|
Note the assocated action 'generate-mkek' is used to create an MKEK when
|
|
initialising a system.
|
|
mkek-key-length:
|
|
default: 32
|
|
type: int
|
|
description: The length for generating an MKEK
|
|
label-hmac:
|
|
default: primaryhmac
|
|
type: string
|
|
description: |
|
|
This is the label for the primary HMAC (keyed-hash message authentication
|
|
code) stored in the HSM that is used by Barbican to wrap other HMACs that
|
|
are provided to projects.
|
|
|
|
Note the assocated action 'generate-hmac' is used to create an HMAC when
|
|
initialising a system.
|
|
hmac-key-length:
|
|
default: 32
|
|
type: int
|
|
description: The length for generating an HMAC
|
|
max-allowed-secret-size:
|
|
default: 20000
|
|
type: int
|
|
description: |
|
|
Maximum allowed secret size in bytes.
|
|
max-allowed-request-size:
|
|
default: 25000
|
|
type: int
|
|
description: |
|
|
Maximum allowed http request size against the barbican-api.
|
|
use-internal-endpoints:
|
|
default: True
|