thalesgroup.ciphertrust.cckm_az_key (1.0.0) — module
CCKM module for Azure Keys
Added in version 1.0.0 of thalesgroup.ciphertrust
Authors: Anurag Jain, Developer Advocate Thales Group
Install with:
ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0

collections:
  - name: thalesgroup.ciphertrust
    version: 1.0.0
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the CCKM for Azure Keys API.
- name: "Create Azure Key"
  thalesgroup.ciphertrust.cckm_az_key:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: create
pfx:
  description: PFX key. Specify a Base64 encoded key.
  type: str
tags:
  description: Application specific metadata in the form of key-value pair.
  type: dict
job_id:
  description: Synchronization job to be deleted
  type: str
key_id:
  description: Id of the key to be acted upon
  type: str
kek_kid:
  description: Identifier of azure key encryption key.
  type: str
key_ops:
  choices:
    - encrypt
    - decrypt
    - sign
    - verify
    - wrapKey
    - unwrapKey
  description: Key operations to be updated.
  type: list
op_type:
  choices:
    - create
    - update
    - key_op
    - upload-key
    - create-sync-job
    - cancel-sync-job
  description: Operation to be performed
  required: true
  type: str
key_name:
  description: Name for the key on Azure. Key names can only contain alphanumeric characters and dashes.
  type: str
password:
  description: PFX password. Specify only if the PFX certificate is provided.
  type: str
key_vault:
  description: Id or name of the key vault where the key will be created on Azure.
  type: str
localNode:
  description:
    - this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
  required: true
  suboptions:
    password:
      description: admin password of CM
      required: true
      type: str
    server_ip:
      description: CM Server IP or FQDN
      required: true
      type: str
    server_port:
      default: 5432
      description: Port on which CM server is listening
      required: true
      type: int
    server_private_ip:
      description: internal or private IP of the CM Server, if different from the server_ip
      required: true
      type: str
    user:
      description: admin username of CM
      required: true
      type: str
    verify:
      default: false
      description: if SSL verification is required
      required: true
      type: bool
  type: dict
attributes:
  description: Key attributes to be updated.
  type: dict
exportable:
  description: Allow private key to be exported from Azure. Currently, it is only valid when key source is hsm-luna and vault is a premium vault or a managed-hsm vault.
  type: bool
key_vaults:
  description: Name or ID of key vaults from which Azure keys will be synchronized. synchronize_all and key_vaults are mutually exclusive. Specify either the synchronize_all or key_vaults.
  type: list
azure_param:
  description: Azure key parameters.
  type: dict
key_op_type:
  choices:
    - soft-delete
    - hard-delete
    - restore
    - recover
    - delete-backup
    - enable-rotation-job
    - disable-rotation-job
  description: Operation to be performed on the key
  type: str
job_config_id:
  description: Id of the scheduler job that will perform key rotation.
  type: str
release_policy:
  description: Key release policy. Must be set if exportable is true.
  type: dict
source_key_tier:
  choices:
    - local
    - pfx
    - dsm
    - hsm-luna
  default: local
  description: Source key tier. Options are local, pfx, dsm, and hsm-luna. Default is local.
  type: str
synchronize_all:
  description: Set true to synchronize all keys from all vaults. synchronize_all and key_vaults are mutually exclusive. Specify either the synchronize_all or key_vaults.
  type: bool
dsm_key_identifier:
  description: Identifier of the dsm key. It is a required parameter if source key tier is dsm.
  type: str
auto_rotate_ec_name:
  choices:
    - P-256
    - P-384
    - P-521
    - SECP256K1
  description: Name of the elliptic curve key. Required only when key_type is EC
  type: str
luna_key_identifier:
  description: Identifier of the luna hsm key. It is a required parameter if source key tier is hsm-luna.
  type: str
auto_rotate_key_size:
  choices:
    - 2048
    - 3072
    - 4096
  description: Size of the new rotated key. Required only when key_type is RSA.
  type: str
auto_rotate_key_type:
  choices:
    - EC
    - EC-HSM
    - RSA
    - RSA-HSM
  description: Algorithm for the key.
  type: str
local_key_identifier:
  description: Identifier of the CipherTrust Manager key to upload. Key name or ID can be specified. It is a required parameter if source key tier is local.
  type: str
auto_rotate_domain_id:
  description: Id of the domain in which dsm key will be created.
  type: str
auto_rotate_enable_key:
  description: Whether to enable the newly rotated key.
  type: bool
auto_rotate_key_source:
  choices:
    - native
    - hsm-luna
    - dsm
    - ciphertrust
  description: Source of the key material. Options are native, hsm-luna, dsm and ciphertrust.
  type: str
auto_rotate_partition_id:
  description: Id of the partition in which hsm key will be created.
  type: str
auto_rotate_release_policy:
  description: Optional, new key release policy for exportable keys.
  type: dict
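A hardened way to call the module, as an added example (not taken from the collection's own documentation): it turns on certificate verification, reads the CipherTrust Manager credentials from Ansible Vault variables, suppresses task logging, and checks the synchronize_all / key_vaults exclusivity rule before the call. The host name, the vault name, the `sync_*` and `vault_cm_*` variable names, and the use of these two parameters with `create-sync-job` are assumptions based on the parameter descriptions above.

```yaml
# Added example. Host, vault and variable names are constructed placeholders.
- name: Synchronize Azure keys through CCKM with verified TLS
  hosts: localhost
  gather_facts: false
  vars:
    cm_host: cm.example.internal        # constructed FQDN
    sync_all: false
    sync_vaults:                        # constructed vault name
      - example-premium-vault
  tasks:
    # The parameter docs state that synchronize_all and key_vaults are
    # mutually exclusive; fail before any API call if both or neither is set.
    - name: Check that exactly one synchronization scope is given
      ansible.builtin.assert:
        that:
          - (sync_all | bool) != (sync_vaults | length > 0)
        fail_msg: Set either synchronize_all or key_vaults, not both and not neither.

    - name: Create synchronization job
      thalesgroup.ciphertrust.cckm_az_key:
        localNode:
          server_ip: "{{ cm_host }}"
          server_private_ip: "{{ cm_host }}"
          server_port: 5432
          # vault_cm_user / vault_cm_password are assumed to live in an
          # ansible-vault encrypted vars file, not in the playbook.
          user: "{{ vault_cm_user }}"
          password: "{{ vault_cm_password }}"
          verify: true                  # validate the CM server certificate
        op_type: create-sync-job
        # Pass only the scope that is in use; omit drops the other parameter.
        synchronize_all: "{{ true if (sync_all | bool) else omit }}"
        key_vaults: "{{ omit if (sync_all | bool) else sync_vaults }}"
      no_log: true                      # keep credentials out of task output
      register: sync_job
```

With `verify: true`, the CipherTrust Manager certificate has to chain to a CA that the Ansible controller trusts.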