thalesgroup.ciphertrust.cckm_gcp_key module – CCKM module for GCP Keys

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.cckm_gcp_key.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

  • This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with CCKM (CipherTrust Cloud Key Manager) for GCP keys.

Parameters

algorithm (string)
  Algorithm of the key.
  Choices:
    • "RSA_SIGN_PSS_2048_SHA256"
    • "RSA_SIGN_PSS_3072_SHA256"
    • "RSA_SIGN_PSS_4096_SHA256"
    • "RSA_SIGN_PSS_4096_SHA512"
    • "RSA_SIGN_PKCS1_2048_SHA256"
    • "RSA_SIGN_PKCS1_3072_SHA256"
    • "RSA_SIGN_PKCS1_4096_SHA256"
    • "RSA_SIGN_PKCS1_4096_SHA512"
    • "RSA_DECRYPT_OAEP_2048_SHA256"
    • "RSA_DECRYPT_OAEP_3072_SHA256"
    • "RSA_DECRYPT_OAEP_4096_SHA256"
    • "RSA_DECRYPT_OAEP_4096_SHA512"
    • "EC_SIGN_P256_SHA256"
    • "EC_SIGN_P384_SHA384"
    • "EC_SIGN_SECP256K1_SHA256"
    • "GOOGLE_SYMMETRIC_ENCRYPTION"

auto_rotate_algorithm (string)
  Algorithm of the key.
  Choices:
    • "RSA_SIGN_PSS_2048_SHA256"
    • "RSA_SIGN_PSS_3072_SHA256"
    • "RSA_SIGN_PSS_4096_SHA256"
    • "RSA_SIGN_PSS_4096_SHA512"
    • "RSA_SIGN_PKCS1_2048_SHA256"
    • "RSA_SIGN_PKCS1_3072_SHA256"
    • "RSA_SIGN_PKCS1_4096_SHA256"
    • "RSA_SIGN_PKCS1_4096_SHA512"
    • "RSA_DECRYPT_OAEP_2048_SHA256"
    • "RSA_DECRYPT_OAEP_3072_SHA256"
    • "RSA_DECRYPT_OAEP_4096_SHA256"
    • "RSA_DECRYPT_OAEP_4096_SHA512"
    • "EC_SIGN_P256_SHA256"
    • "EC_SIGN_P384_SHA384"
    • "EC_SIGN_SECP256K1_SHA256"
    • "GOOGLE_SYMMETRIC_ENCRYPTION"
    • "HMAC_SHA256"

auto_rotate_domain_id (string)
  ID of the domain in which the DSM key will be created.

auto_rotate_key_source (string)
  Source of the key material. Options are native, hsm-luna, dsm and ciphertrust.

auto_rotate_partition_id (string)
  ID of the partition in which the HSM key will be created.

gcp_key_params (dictionary)
  Google Cloud key related parameters.

is_native (boolean)
  Whether the key version will be created natively or uploaded.
  Choices:
    • false
    • true

job_config_id (string)
  ID of the scheduler job that will perform key rotation.

job_id (string)
  Synchronization job ID to be cancelled.

key_id (string)
  GCP key ID to be acted upon.

key_op_type (string)
  Operation to be performed.
  Choices:
    • "create-version"
    • "refresh"
    • "enable-auto-rotation"
    • "disable-auto-rotation"

key_ring (string)
  ID or resource URL of the Google Cloud key ring in which the key will be created.

key_rings (string)
  Name or ID of the key rings from which Google Cloud keys will be synchronized. synchronize_all and key_rings are mutually exclusive; specify one or the other.

key_version_op_type (string)
  Operation to be performed.
  Choices:
    • "refresh"
    • "enable"
    • "disable"
    • "schedule-destroy"
    • "cancel-schedule-destroy"
    • "download-public-key"

labels (dictionary)
  Labels attached to the Google Cloud key, as a JSON object of string key/value pairs.

localNode (dictionary / required)
  Connection parameters required to communicate with an instance of CipherTrust Manager (CM): the server IP/FQDN, username, password and port.

    password (string / required)
      Admin password for CM.

    server_ip (string / required)
      CM server IP or FQDN.

    server_port (integer / required)
      Port on which the CM server is listening.
      Default: 5432

    server_private_ip (string / required)
      Internal or private IP of the CM server, if different from server_ip.

    user (string / required)
      Admin username for CM.

    verify (boolean / required)
      Whether SSL/TLS certificate verification of the CM server is required.
      Choices:
        • false ← (default)
        • true

next_rotation_time (string)
  Next time the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as per RFC3339. Example "2022-07-31T17:18:37.085Z".

op_type (string / required)
  Operation to be performed.
  Choices:
    • "create"
    • "update"
    • "key_op"
    • "key_version_op"
    • "upload-key"
    • "create-sync-job"
    • "cancel-sync-job"
    • "update-all-versions"

operation (string)
  Operation to be performed on all versions of the Google Cloud key.
  Choices:
    • "enable"
    • "disable"
    • "schedule_destroy"
    • "cancel_destroy"

primary_version_id (string)
  Version number of the new primary version.

rotation_period (string)
  Frequency at which the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as a duration in seconds terminated by "s". Example "360000s".

source_key_id (string)
  ID of the key to be uploaded from the key source.

source_key_tier (string)
  Key source from which the key will be uploaded: local for keySecure, dsm for DSM, hsm-luna for Luna HSM.
  Choices:
    • "local"
    • "dsm"
    • "hsm-luna"

synchronize_all (string)
  Set true to synchronize all keys from all key rings. synchronize_all and key_rings are mutually exclusive; specify one or the other.

version_id (string)
  Key version ID to be acted upon.

version_template_algorithm (string)
  Algorithm of the asymmetric key (the symmetric key algorithm is not updatable).
  Choices:
    • "RSA_SIGN_PSS_2048_SHA256"
    • "RSA_SIGN_PSS_3072_SHA256"
    • "RSA_SIGN_PSS_4096_SHA256"
    • "RSA_SIGN_PSS_4096_SHA512"
    • "RSA_SIGN_PKCS1_2048_SHA256"
    • "RSA_SIGN_PKCS1_3072_SHA256"
    • "RSA_SIGN_PKCS1_4096_SHA256"
    • "RSA_SIGN_PKCS1_4096_SHA512"
    • "RSA_DECRYPT_OAEP_2048_SHA256"
    • "RSA_DECRYPT_OAEP_3072_SHA256"
    • "RSA_DECRYPT_OAEP_4096_SHA256"
    • "RSA_DECRYPT_OAEP_4096_SHA512"
    • "EC_SIGN_P256_SHA256"
    • "EC_SIGN_P384_SHA384"
    • "EC_SIGN_SECP256K1_SHA256"

Examples

- name: "Create GCP Key"
  thalesgroup.ciphertrust.cckm_gcp_key:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: create
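The playbook below is an added example, not part of the collection's own documentation. It walks a symmetric key through the operations the parameter table describes: create with Google-managed rotation, enable CCKM auto-rotation with CipherTrust-sourced key material, synchronize a named key ring, and disable every version of a key being retired. It assumes the parameters combine as their descriptions suggest; the CM host, key ring resource URL, key ID and scheduler job ID are placeholders, and credentials are read from environment variables rather than written into the playbook. Note that it sets verify to true, whereas the documented default is false.

```yaml
# Added example; not from the thalesgroup.ciphertrust collection docs.
# All host names, resource URLs and IDs below are placeholders.
- name: Manage a GCP key through CCKM
  hosts: localhost
  gather_facts: false
  vars:
    cm_node:
      server_ip: "cm.example.internal"            # placeholder CM FQDN
      server_private_ip: "cm.example.internal"    # same host here; set if different
      server_port: 5432                           # documented default
      user: "{{ lookup('env', 'CM_USER') }}"      # keep credentials out of source
      password: "{{ lookup('env', 'CM_PASSWORD') }}"
      verify: true                                # verify the CM TLS certificate
    gcp_key_id: "KEY_ID_PLACEHOLDER"              # CCKM key ID returned after creation
  tasks:
    - name: Create a symmetric key that Google Cloud KMS rotates every 90 days
      thalesgroup.ciphertrust.cckm_gcp_key:
        localNode: "{{ cm_node }}"
        op_type: create
        # assumption: key_ring accepts the full resource URL form
        key_ring: "projects/PROJECT_ID/locations/us-east1/keyRings/RING_ID"
        algorithm: GOOGLE_SYMMETRIC_ENCRYPTION
        labels:
          owner: platform-security
          env: prod
        rotation_period: "7776000s"               # 90 days, seconds terminated by "s"
        next_rotation_time: "2024-01-01T00:00:00Z" # RFC3339

    - name: Enable CCKM auto-rotation with CipherTrust-sourced key material
      thalesgroup.ciphertrust.cckm_gcp_key:
        localNode: "{{ cm_node }}"
        op_type: key_op
        key_op_type: enable-auto-rotation
        key_id: "{{ gcp_key_id }}"
        job_config_id: "SCHEDULER_JOB_ID_PLACEHOLDER"
        auto_rotate_key_source: ciphertrust
        auto_rotate_algorithm: GOOGLE_SYMMETRIC_ENCRYPTION

    - name: Synchronize keys from one named key ring (not synchronize_all)
      thalesgroup.ciphertrust.cckm_gcp_key:
        localNode: "{{ cm_node }}"
        op_type: create-sync-job
        key_rings: "RING_ID"                      # mutually exclusive with synchronize_all

    - name: Disable every version of a key that is being retired
      thalesgroup.ciphertrust.cckm_gcp_key:
        localNode: "{{ cm_node }}"
        op_type: update-all-versions
        key_id: "{{ gcp_key_id }}"
        operation: disable
```

Disabling all versions before scheduling destruction gives a rollback window: a disabled version can be re-enabled, whereas "schedule_destroy" starts a countdown that "cancel_destroy" must interrupt before it expires.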

Authors

  • Anurag Jain, Developer Advocate Thales Group