73 lines
2.1 KiB
Plaintext
73 lines
2.1 KiB
Plaintext
[DEFAULT]
|
|
debug = {{ options.debug }}
|
|
bind_host = {{ options.service_listen_info.barbican_worker.ip }}
|
|
bind_port = {{ options.service_listen_info.barbican_worker.port }}
|
|
host_href = {{ options.external_endpoints.barbican_worker.url }}
|
|
|
|
{% include "parts/section-transport-url" %}
|
|
|
|
{% include "parts/database" %}
|
|
|
|
{% include "parts/section-keystone-authtoken" %}
|
|
|
|
{% include "parts/section-oslo-messaging-rabbit" %}
|
|
|
|
{% include "parts/section-oslo-middleware" %}
|
|
|
|
[secretstore]
|
|
namespace = barbican.secretstore.plugin
|
|
{% if secrets and secrets.plugins_string -%}
|
|
enabled_secretstore_plugins = {{ secrets.plugins_string }}
|
|
{% else %}
|
|
enabled_secretstore_plugins = store_crypto
|
|
{%- endif %}
|
|
|
|
{% if secrets -%}
|
|
{% for plugin in secrets.plugins -%}
|
|
[{{ plugin.name }}_plugin]
|
|
{% for key, value in plugin.data.items() -%}
|
|
{{ key }} = {{ value }}
|
|
{% endfor %}
|
|
{% endfor %}
|
|
{%- endif %}
|
|
|
|
[crypto]
|
|
namespace = barbican.crypto.plugin
|
|
{% if hsm -%}
|
|
enabled_crypto_plugins = p11_crypto
|
|
{% else -%}
|
|
enabled_crypto_plugins = simple_crypto
|
|
{%- endif %}
|
|
|
|
[simple_crypto_plugin]
|
|
# the kek should be a 32-byte value which is base64 encoded
|
|
kek = 'YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY='
|
|
|
|
{% if hsm -%}
|
|
[p11_crypto_plugin]
|
|
# Path to vendor PKCS11 library
|
|
library_path = '{{ hsm.library_path }}'
|
|
# Password to login to PKCS11 session
|
|
login = '{{ hsm.login }}'
|
|
# Label to identify master KEK in the HSM (must not be the same as HMAC label)
|
|
mkek_label = '{{ options.label_mkek }}'
|
|
# Length in bytes of master KEK
|
|
mkek_length = {{ options.mkek_key_length }}
|
|
# Label to identify HMAC key in the HSM (must not be the same as MKEK label)
|
|
hmac_label = '{{ options.label_hmac }}'
|
|
# HSM Slot id (Should correspond to a configured PKCS11 slot). Default: 1
|
|
slot_id = {{ hsm.slot_id }}
|
|
# Enable Read/Write session with the HSM?
|
|
# rw_session = True
|
|
# Length of Project KEKs to create
|
|
# pkek_length = 32
|
|
# How long to cache unwrapped Project KEKs
|
|
# pkek_cache_ttl = 900
|
|
# Max number of items in pkek cache
|
|
# pkek_cache_limit = 100
|
|
# Seedfile to generate random data from.
|
|
seed_file = '/dev/urandom'
|
|
# Seed length to read the random data for seeding the RNG
|
|
seed_length = 32
|
|
{%- endif %}
|