charm-barbican/src/actions.yaml
Alex Kavanagh 6d0248e9d9 Add barbican-hsm-plugin interface support
The barbican-hsm-plugin interface provides a mechanism for the Barbican
charm to communicate with an HSM plugin.  The plugin (from the Barbican
perspective) is provided as a PKCS#11 compliant library (.so) and so is
local to the Barbican installation.  Thus, the hsm-plugin charms are
subordinate to the Barbican charm and run on the same unit.

This change also provides two actions (generate-mkek and generate-hmac)
which are 'one-off' operations to initialise the HSM with the global
master keys.

Add a note to the README that the generate-mkek and generate-hmac
actions may only be done once as the HSM may reject overwriting the key.

Add Apache2.0 LICENSE and license headers to files
Removed redundant copyright file

Change the reference for the internal port to 9311 The barbican project
changed the INTERNAL port to the same as the PUBLIC port.

Add in seed_file and seed_length to template. These are needed for a
change in Barbican to support seeding the RNG in the HSM if required.
They are set to /dev/random and 32.

Fetch the barbican sources from a PPA (for bug: 1599550)

Remove the trusty support for Py3 from install hook
2016-07-12 12:35:51 +00:00

9 lines
240 B
YAML

generate-mkek:
description: |
Generate an MKEK in the associated HSM (via the barbican-hsm-plugin
interface).
generate-hmac:
description: |
Generate an HMAC in the associated HSM (via the barbican-hsm-plugin
interface).