heat_template_version: rocky description: > Barbican API PKCS#11 crypto backend configured with Puppet parameters: # Required default parameters ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json BarbicanPkcs11CryptoLibraryPath: description: Path to vendor PKCS11 library type: string BarbicanPkcs11CryptoLogin: description: Password to login to PKCS11 session type: string hidden: true BarbicanPkcs11CryptoMKEKLabel: description: Label for Master KEK type: string BarbicanPkcs11CryptoMKEKLength: description: Length of Master KEK in bytes type: number BarbicanPkcs11CryptoHMACLabel: description: Label for the HMAC key type: string BarbicanPkcs11CryptoSlotId: description: Slot Id for the HSM type: number BarbicanPkcs11CryptoGlobalDefault: description: Whether this plugin is the global default plugin type: boolean default: false outputs: role_data: description: Role data for the Barbican PKCS#11 backend. value: service_name: barbican_backend_pkcs11_crypto config_settings: barbican::plugins::p11_crypto::p11_crypto_plugin_library_path {get_param: BarbicanPkcs11CryptoLibraryPath} barbican::plugins::p11_crypto::p11_crypto_plugin_login {get_param: BarbicanPkcs11CryptoLogin} barbican::plugins::p11_crypto::p11_crypto_plugin_mkek_label: {get_param: BarbicanPkcs11CryptoMKEKLabel} barbican::plugins::p11_crypto::p11_crypto_plugin_mkek_length: {get_param: BarbicanPkcs11CryptoMKEKLength} barbican::plugins::p11_crypto::p11_crypto_plugin_hmac_label: {get_param: BarbicanPkcs11CryptoHMACLabel} barbican::plugins::p11_crypto::p11_crypto_plugin_slot_id: {get_param: BarbicanPkcs11CryptoSlotId} barbican::plugins::p11_crypto::global_default: {get_param: BarbicanPkcs11CryptoGlobalDefault}