thalesgroup.ciphertrust.cckm_gcp_ekm module – CCKM module for Google Cloud Platform EKM
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).
To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust
.
To use it in a playbook, specify: thalesgroup.ciphertrust.cckm_gcp_ekm
.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with CCKM for GCP EKM
Parameters
Parameter |
Comments |
---|---|
EKM Key Algorithm. Default is AES256 Choices:
|
|
Is a confidential VM (and valid attestation) required for decryption. Default is false. Applicable for UDE Endpoint only. Choices:
|
|
Is a confidential VM (and valid attestation) required for encryption. Default is false. Applicable for UDE Endpoint only. Choices:
|
|
ID of GCP EKM to be acted upon |
|
Operation to be performed on GCP EKM Choices:
|
|
EKM Endpoint type. Default is ekm Choices:
|
|
ID of existing key to use (if applicable for migration from another CM deployment). If not supplied, a new key will be created |
|
EKM Key type. Default is symmetric Choices:
|
|
Base url hostname for KeyURI |
|
this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM) holds IP/FQDN of the server, username, password, and port |
|
admin password of CM |
|
CM Server IP or FQDN |
|
Port on which CM server is listening Default: |
|
internal or private IP of the CM Server, if different from the server_ip |
|
admin username of CM |
|
if SSL verification is required Choices:
|
|
Additional information associated with this Endpoint |
|
Unique name for Endpoint |
|
Operation to be performed Choices:
|
|
EKM Policy attributes |
|
Flag to denote if the sent policy is in raw format. Default is false. EKM Policy in basic format is required if raw_policy_enabled is false. Choices:
|
Examples
- name: "Create GCP EKM"
thalesgroup.ciphertrust.cckm_gcp_ekm:
localNode:
server_ip: "IP/FQDN of CipherTrust Manager"
server_private_ip: "Private IP in case that is different from above"
server_port: 5432
user: "CipherTrust Manager Username"
password: "CipherTrust Manager Password"
verify: false
op_type: create