thalesgroup.ciphertrust.cm_regtoken module – Create or update registration token

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.cm_regtoken.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

  • This module creates or updates a client registration token.

Parameters

Parameter

Comments

ca_id

string

ID of the trusted Certificate Authority used to sign the client certificate during the registration process. By default, the local Certificate Authority is used to issue certificates.

cert_duration

integer

Duration in days for which the CipherTrust Manager client's certificate is valid (default 730).

Default: 730

id

string

ID of the registration token to be updated.

label

dictionary

Label is a key-value pair. For KMIP client registration the key is KmipClientProfile; for PA client registration the key is ClientProfile. The value is the name of the ProtectApp/KMIP client profile to be mapped to the token for ProtectApp/KMIP client registration.

lifetime

string

Duration in minutes/hours/days for which this token can be used for registering CipherTrust Manager clients. No limit by default. For 'x' amount of time, it should be formatted as xm for x minutes, xh for x hours and xd for x days.

localNode

dictionary / required

Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM): the IP/FQDN of the server, username, password, and port.

password

string / required

Admin password of CM

server_ip

string / required

CM Server IP or FQDN

server_port

integer / required

Port on which CM server is listening

Default: 5432

server_private_ip

string / required

Internal or private IP of the CM Server, if different from the server_ip

user

string / required

Admin username of CM

verify

boolean / required

Whether SSL verification is required

Choices:

  • false ← (default)

  • true

max_clients

integer

Maximum number of clients that can be registered using this registration token. No limit by default.

name_prefix

string

Prefix for the client name. If name_prefix is specified, a client registered using this registration token is named 'name_prefix{nth client registered using this registration token}'. If name_prefix is not specified, the CipherTrust Manager server generates a random name for the client.

op_type

string / required

Operation to be performed

Choices:

  • "create"

  • "patch"

Examples

- name: "Create Registration Token"
  thalesgroup.ciphertrust.cm_regtoken:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: create
    ca_id: 76c4da32-0953-4c6a-bf77-c5a70314244c
    cert_duration: 730
    label:
      ClientProfile: DefaultClientProfile
    lifetime: 30d
    max_clients: 100
    name_prefix: "ansible_client"
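
A hardened variant of the task above, added here as an example and not taken from the collection's documentation: it sets verify to true, reads the admin password from an Ansible Vault file, sets no_log on each task, and issues a short-lived token with a small max_clients, then uses op_type: patch with id to tighten an existing token. The variables cm_host, cm_private_ip, cm_admin_user, vault_cm_password and regtoken_id and the file vault/cm.yml are hypothetical, and the patch task assumes lifetime and max_clients can be updated.

```yaml
# Added example, not from the collection's documentation.
# Hypothetical names you must supply: cm_host, cm_private_ip, cm_admin_user,
# vault_cm_password, regtoken_id and the vault file vault/cm.yml.
- name: Manage CipherTrust Manager registration tokens
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault/cm.yml            # encrypted with ansible-vault; defines vault_cm_password
  vars:
    cm_connection:
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_private_ip }}"
      server_port: 5432       # value used in the page's own example
      user: "{{ cm_admin_user }}"
      password: "{{ vault_cm_password }}"
      verify: true            # require SSL verification instead of the default false
  tasks:
    - name: Create a short-lived, narrowly scoped registration token
      thalesgroup.ciphertrust.cm_regtoken:
        localNode: "{{ cm_connection }}"
        op_type: create
        cert_duration: 365    # shorter than the 730-day default
        label:
          ClientProfile: DefaultClientProfile
        lifetime: 2h          # token stops working for registration after two hours
        max_clients: 5        # cap on clients that can register with this token
        name_prefix: "ansible_client"
      no_log: true            # keep admin credentials and token data out of task output

    - name: Tighten an existing token
      thalesgroup.ciphertrust.cm_regtoken:
        localNode: "{{ cm_connection }}"
        op_type: patch
        id: "{{ regtoken_id }}"
        lifetime: 1h          # assumption: lifetime and max_clients are updatable
        max_clients: 1
      no_log: true
```

With verify set to true, the control node must trust the CA that issued the CipherTrust Manager server certificate.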

Authors

  • Anurag Jain, Developer Advocate Thales Group