thalesgroup.ciphertrust.cckm_az_key module – CCKM module for Azure Keys
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).
To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.
To use it in a playbook, specify: thalesgroup.ciphertrust.cckm_az_key.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the CCKM for Azure Keys API.
Parameters
| Parameter | Comments |
|---|---|
| | Key attributes to be updated. |
| | Id of the domain in which dsm key will be created. |
| | Name of the Elliptic curve key. Required only when key_type is EC. Choices: |
| | Whether to enable the newly rotated key. Choices: |
| | Size of the new rotated key. Required only when key_type is RSA. Choices: |
| | Source of the key material. Options are native, hsm-luna, dsm and ciphertrust. Choices: |
| | Algorithm for the key. Choices: |
| | Id of the partition in which hsm key will be created. |
| | Optional, new key release policy for exportable keys. |
| | Azure key parameters. |
| | Identifier of the dsm key. It is a required parameter if source key tier is dsm. |
| | Allow private key to be exported from Azure. Currently, it is only valid when key source is hsm-luna and vault is a premium vault or a managed-hsm vault. Choices: |
| | Id of the scheduler job that will perform key rotation. |
| | Synchronization job to be deleted. |
| | Identifier of Azure key encryption key. |
| | Id of the key to be acted upon. |
| | Name for the key on Azure. Key names can only contain alphanumeric characters and dashes. |
| | Operation to be performed on the key. Choices: |
| | Key operations to be updated. Choices: |
| | Id or name of the key vault where the key will be created on Azure. |
| | Name or ID of key vaults from which Azure keys will be synchronized. synchronize_all and key_vaults are mutually exclusive. Specify either synchronize_all or key_vaults. |
| | Identifier of the CipherTrust Manager key to upload. Key name or ID can be specified. It is a required parameter if source key tier is local. |
| | Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM): IP/FQDN of the server, username, password, and port. |
| | Admin password of CM. |
| | CM Server IP or FQDN. |
| | Port on which CM server is listening. Default: |
| | Internal or private IP of the CM Server, if different from the server_ip. |
| | Admin username of CM. |
| | Whether SSL verification is required. Choices: |
| | Identifier of the luna hsm key. It is a required parameter if source key tier is hsm-luna. |
| | Operation to be performed. Choices: |
| | PFX password. Specify only if the PFX certificate is provided. |
| | PFX key. Specify a Base64 encoded key. |
| | Key release policy. Must be set if exportable is true. |
| | Source key tier. Options are local, pfx, dsm, and hsm-luna. Default is local. Choices: Default: |
| | Set true to synchronize all keys from all vaults. synchronize_all and key_vaults are mutually exclusive. Specify either synchronize_all or key_vaults. Choices: |
| | Application specific metadata in the form of key-value pair. |
Examples
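- name: "Create Azure Key"
  thalesgroup.ciphertrust.cckm_az_key:
    # Connection parameters for the CipherTrust Manager (CM) instance
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      # Admin credential: supply it from an encrypted variable (for example Ansible Vault)
      # rather than as plaintext in the playbook
      password: "CipherTrust Manager Password"
      # false turns off SSL verification of the CM server; set to true when the CM
      # certificate is trusted by the control node
      verify: false
    # Operation to be performed
    op_type: create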