thalesgroup.ciphertrust.cckm_gcp_key module – CCKM module for GCP Keys
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).
To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.
To use it in a playbook, specify: thalesgroup.ciphertrust.cckm_gcp_key.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, specifically with CCKM for GCP keys.
Parameters
Parameter | Comments |
---|---|
Algorithm of the key. Choices:
|
|
Algorithm of the key. Choices:
|
|
ID of the domain in which the DSM key will be created. |
|
Source of the key material. Options are native, hsm-luna, dsm and ciphertrust. |
|
ID of the partition in which the HSM key will be created. |
|
Google Cloud Key related parameters |
|
Whether the key version will be created natively or uploaded. Choices:
|
|
Id of the scheduler job that will perform key rotation. |
|
Synchronization job ID to be cancelled. |
|
GCP Key ID to be acted upon. |
|
Operation to be performed. Choices:
|
|
ID or resource URL of the Google Cloud key ring where the key will be created. |
|
Name or ID of the key rings from which Google Cloud keys will be synchronized. synchronize_all and key_rings are mutually exclusive. Specify either synchronize_all or key_rings. |
|
Operation to be performed. Choices:
|
|
Labels attached to the Google Cloud key, as string key/value JSON pairs. |
|
Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM): the IP/FQDN of the server, username, password, and port. |
|
Admin password of CM. |
|
CM server IP or FQDN. |
|
Port on which the CM server is listening. Default:
|
Internal or private IP of the CM server, if different from server_ip. |
|
Admin username of CM. |
|
Whether SSL verification is required. Choices:
|
|
Next time the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as per RFC 3339. Example: "2022-07-31T17:18:37.085Z". |
|
Operation to be performed. Choices:
|
|
Operation to be performed on all versions of the Google Cloud key. Choices:
|
|
Version number of the new primary version. |
|
Frequency at which the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as a duration in seconds terminated by "s". Example: "360000s". |
|
The key ID which will be uploaded from key source. |
|
Key source from which the key will be uploaded: local for keySecure, dsm for DSM, hsm-luna for Luna HSM. Choices:
|
|
Set to true to synchronize all keys from all rings. synchronize_all and key_rings are mutually exclusive. Specify either synchronize_all or key_rings. |
|
Key version ID to be acted upon. |
|
Algorithm of the asymmetric key (the symmetric key algorithm is not updatable). Choices:
|
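
The rotation formats and the synchronize_all / key_rings rule described in the table can be checked before a task is submitted. The Python pre-flight check below is an added example, not code from the thalesgroup.ciphertrust collection. It assumes the names next_rotation_time and rotation_period for the two rotation values (the table's name column is missing), and treating a past rotation time as an error is this example's own policy.

```python
import re
from datetime import datetime, timezone

# Assumed names: next_rotation_time and rotation_period are labels chosen for
# this example; synchronize_all and key_rings are named in the table text.
PERIOD_RE = re.compile(r"([0-9]+)s")
RFC3339_RE = re.compile(
    r"([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2})"
    r"(\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})"
)


def parse_rfc3339(value):
    """Return an aware datetime, or raise ValueError if not RFC 3339."""
    m = RFC3339_RE.fullmatch(value)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    head, frac, tz = m.groups()
    # Normalise so datetime.fromisoformat() accepts it on every Python 3.7+:
    # pad or truncate the fraction to microseconds and spell 'Z' as +00:00.
    micros = (frac or ".0")[1:7].ljust(6, "0")
    tz = "+00:00" if tz == "Z" else tz
    return datetime.fromisoformat(f"{head}.{micros}{tz}")


def validate_rotation(next_rotation_time, rotation_period, now=None):
    """Return (when, seconds) for the two rotation values, or raise ValueError."""
    when = parse_rfc3339(next_rotation_time)
    m = PERIOD_RE.fullmatch(rotation_period)
    if not m:
        raise ValueError(f"expected seconds ending in 's': {rotation_period!r}")
    now = now or datetime.now(timezone.utc)
    if when <= now:  # example policy: a past "next rotation" is an operator error
        raise ValueError("next rotation time is not in the future")
    return when, int(m.group(1))


def validate_sync(synchronize_all=False, key_rings=None):
    """Enforce that exactly one of synchronize_all / key_rings is supplied."""
    if bool(synchronize_all) == bool(key_rings):
        raise ValueError("specify either synchronize_all or key_rings")
    return "all" if synchronize_all else list(key_rings)
```
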
Examples
- name: "Create GCP Key"
  thalesgroup.ciphertrust.cckm_gcp_key:
    # Connection parameters for the CipherTrust Manager instance
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      # SSL verification of the CM connection is turned off here
      verify: false
    op_type: create