thalesgroup.ciphertrust.dpg_protection_policy_save module – Manage DPG protection policies governing crypto operations
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.2).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.
To use it in a playbook, specify: thalesgroup.ciphertrust.dpg_protection_policy_save.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with domains management API
Refer https://thalesdocs.com/ctp/con/dpg/latest/admin/index.html for API documentation
Parameters
Parameter |
Comments |
|---|---|
Name of access policy to be associated with the protection policy. |
|
Algorithm to be used during crypto operations |
|
If true, null or single-character inputs are passed untransformed. If false, row transformation fails Obsolete post CM v2.12 Choices:
|
|
ID of the Character Set |
|
If set to true, versioning is not maintained for the protection policies. The default value is false. Added in CM v2.12 Choices:
|
|
IV to be used during crypto operations |
|
Name of the key |
|
this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM) holds IP/FQDN of the server, username, password, and port |
|
user’s domain path |
|
admin password of CM |
|
CM Server IP or FQDN |
|
Port on which CM server is listening |
|
internal or private IP of the CM Server, if different from the server_ip |
|
admin username of CM |
|
if SSL verification is required Choices:
|
|
ID of the Static Masking Format |
|
Unique name for the protection policy |
|
Operation to be performed Choices:
|
|
Identifier of the protection policy to be patched |
|
Tweak data to be used during crypto operations |
|
Tweak algorithm to be used during crypto operations Choices:
|
|
If set to true, external versioning is enabled for the protection policy The version details are stored in a separate external parameter The default value is false Added in CM v2.12 Choices:
|
Examples
- name: "Create Protection Policy"
thalesgroup.ciphertrust.dpg_protection_policy_save:
localNode:
server_ip: "IP/FQDN of CipherTrust Manager"
server_private_ip: "Private IP in case that is different from above"
server_port: 5432
user: "CipherTrust Manager Username"
password: "CipherTrust Manager Password"
verify: false
auth_domain_path:
op_type: create
algorithm: "AES/CBC/PKCS5Padding"
key: <CM_KEY_ID>
name: DemoProtectionPolicy
character_set_id: <CHAR_SET_ID>
iv: 16
tweak: 1628462495815733
tweak_algorithm: SHA1
- name: "Patch Protection Policy"
thalesgroup.ciphertrust.dpg_protection_policy_save:
localNode:
server_ip: "IP/FQDN of CipherTrust Manager"
server_private_ip: "Private IP in case that is different from above"
server_port: 5432
user: "CipherTrust Manager Username"
password: "CipherTrust Manager Password"
verify: false
auth_domain_path:
op_type: patch
policy_name: DemoProtectionPolicy
tweak: 1628462495815733
tweak_algorithm: SHA256
- name: "Delete Protection Policy by name"
thalesgroup.ciphertrust.cm_resource_delete:
key: DemoProtectionPolicy
resource_type: "protection-policies"
localNode:
server_ip: "IP/FQDN of CipherTrust Manager"
server_private_ip: "Private IP in case that is different from above"
server_port: 5432
user: "CipherTrust Manager Username"
password: "CipherTrust Manager Password"
verify: false
auth_domain_path: