51 lines
1.5 KiB
YAML
51 lines
1.5 KiB
YAML
options:
|
|
require-hsm-plugin:
|
|
default: False
|
|
type: boolean
|
|
description: |
|
|
If True then the barbcian-worker process won't be fully
|
|
functional until an HSM is associated with the charm. The charm will
|
|
remain in the blocked state until an HSM is available.
|
|
label-mkek:
|
|
default: primarymkek
|
|
type: string
|
|
description: |
|
|
This is the label for the primary MKEK (Master Key Encryption Key) stored
|
|
in the HSM that is used by Barbican to wrap other encryption keys that
|
|
are provided to projects.
|
|
|
|
Note the assocated action 'generate-mkek' is used to create an MKEK when
|
|
initialising a system.
|
|
mkek-key-length:
|
|
default: 32
|
|
type: int
|
|
description: The length for generating an MKEK
|
|
label-hmac:
|
|
default: primaryhmac
|
|
type: string
|
|
description: |
|
|
This is the label for the primary HMAC (keyed-hash message authentication
|
|
code) stored in the HSM that is used by Barbican to wrap other HMACs that
|
|
are provided to projects.
|
|
|
|
Note the assocated action 'generate-hmac' is used to create an HMAC when
|
|
initialising a system.
|
|
hmac-key-length:
|
|
default: 32
|
|
type: int
|
|
description: The length for generating an HMAC
|
|
max-allowed-secret-size:
|
|
default: 20000
|
|
type: int
|
|
description: |
|
|
Maximum allowed secret size in bytes.
|
|
max-allowed-request-size:
|
|
default: 25000
|
|
type: int
|
|
description: |
|
|
Maximum allowed http request size against the barbican-api.
|
|
openstack-origin:
|
|
default: zed
|
|
use-internal-endpoints:
|
|
default: True
|