thalesgroup.ciphertrust.cckm_aws_custom_keystore module – CCKM module for AWS Custom Key Store
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).
To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust
.
To use it in a playbook, specify: thalesgroup.ciphertrust.cckm_aws_custom_keystore
.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with CCKM for AWS Custom Key Store
Parameters
Parameter |
Comments |
---|---|
Parameters related to AWS interaction with a custom key store |
|
AWS Custom Key Store ID |
|
AWS Custom Key Store Key ID |
|
AWS key parameters. |
|
Operation that can be performed on a Custom Key Store Choices:
|
|
Mouse over a property in the schema to view its details. Choices:
|
|
AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used. |
|
HYOK Key ID |
|
Operation that can be performed on an HYOK Key Choices:
|
|
Synchronization Job ID |
|
IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used. |
|
IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used. |
|
The password of the kmsuser crypto user (CU) account configured in the specified CloudHSM cluster. This parameter does not change the password in CloudHSM cluster. User needs to configure the credentials on CloudHSM cluster separately. Required field for custom key store of type AWS_CLOUDHSM. Omit for External Key Stores. |
|
IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used. |
|
IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used. |
|
Name or ID of the AWS Account container in which to create the key store. |
|
Name or ID of KMS resource from which the AWS custom key stores will be synchronized. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions. |
|
Indicates whether the custom key store is linked with AWS. Applicable to a custom key store of type EXTERNAL_KEY_STORE. Default value is false. When false, creating a custom key store in the CCKM does not trigger the AWS KMS to create a new key store. Also, the new custom key store will not synchronize with any key stores within the AWS KMS until the new key store is linked. Choices:
|
|
Parameters for a custom key store that is locally hosted |
|
this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM) holds IP/FQDN of the server, username, password, and port |
|
admin password of CM |
|
CM Server IP or FQDN |
|
Port on which CM server is listening Default: |
|
internal or private IP of the CM Server, if different from the server_ip |
|
admin username of CM |
|
if SSL verification is required Choices:
|
|
Unique name for the custom key store |
|
Operation to be performed Choices:
|
|
ID of the policy template to apply. Policy template is mutually exclusive to all other policy parameters. If no policy parameters are specified, the default policy is used. |
|
Name of the available AWS regions |
|
Regions from which the AWS custom key stores will be synchronized. If not specified, custom key stores from all regions are synchronized. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions. |
|
The unique id of the source key (Luna HSM key) for the first version of the virtual key. |
|
Set true to synchronize all custom key stores from all kms and regions. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions. Choices:
|
|
Virtual Key ID |
Examples
- name: "Create AWS CKS"
thalesgroup.ciphertrust.cckm_aws_custom_keystore:
localNode:
server_ip: "IP/FQDN of CipherTrust Manager"
server_private_ip: "Private IP in case that is different from above"
server_port: 5432
user: "CipherTrust Manager Username"
password: "CipherTrust Manager Password"
verify: false
op_type: create