@ -27,6 +27,11 @@
# (optional) Label to identify PKCS#11 token
# Defaults to $::os_service_default
#
# [*p11_crypto_plugin_token_labels*]
# (optional) List of comma-separated labels to identify
# PKCS#11 tokens to be used.
# Defaults to $::os_service_default
#
# [*p11_crypto_plugin_slot_id*]
# (optional) HSM Slot id
# Defaults to $::os_service_default
@ -51,6 +56,11 @@
# which is not standard but is required for some HSMs.
# Defaults to $::os_service_default
#
# [*p11_crypto_plugin_os_locking_ok*]
# (optional) Enable CKF_OS_LOCKING_OK flag when initializing
# the PKCS#11 client library.
# Defaults to $::os_service_default
#
# [*global_default*]
# (optional) set plugin as global default
# Defaults to false
@ -63,11 +73,13 @@ class barbican::plugins::p11_crypto (
$p11_crypto_plugin_hmac_label,
$p11_crypto_plugin_token_serial_number = $::os_service_default,
$p11_crypto_plugin_token_label = $::os_service_default,
$p11_crypto_plugin_token_labels = $::os_service_default,
$p11_crypto_plugin_slot_id = $::os_service_default,
$p11_crypto_plugin_encryption_mechanism = $::os_service_default,
$p11_crypto_plugin_hmac_key_type = $::os_service_default,
$p11_crypto_plugin_hmac_keygen_mechanism = $::os_service_default,
$p11_crypto_plugin_aes_gcm_generate_iv = $::os_service_default,
$p11_crypto_plugin_os_locking_ok = $::os_service_default,
$global_default = false ,
) {
@ -81,11 +93,13 @@ class barbican::plugins::p11_crypto (
'p11_crypto_plugin/hmac_label' : value => $p11_crypto_plugin_hmac_label;
'p11_crypto_plugin/token_serial_number' : value => $p11_crypto_plugin_token_serial_number;
'p11_crypto_plugin/token_label' : value => $p11_crypto_plugin_token_label;
'p11_crypto_plugin/token_labels' : value => $p11_crypto_plugin_token_labels;
'p11_crypto_plugin/slot_id' : value => $p11_crypto_plugin_slot_id;
'p11_crypto_plugin/encryption_mechanism' : value => $p11_crypto_plugin_encryption_mechanism;
'p11_crypto_plugin/hmac_key_type' : value => $p11_crypto_plugin_hmac_key_type;
'p11_crypto_plugin/hmac_keygen_mechanism' : value => $p11_crypto_plugin_hmac_keygen_mechanism;
'p11_crypto_plugin/aes_gcm_generate_iv' : value => $p11_crypto_plugin_aes_gcm_generate_iv;
'p11_crypto_plugin/os_locking_ok' : value => $p11_crypto_plugin_os_locking_ok;
}
barbican_config {