thalesgroup.ciphertrust.cckm_gcp_key (1.0.0) — module
CCKM module for GCP Keys
Added in version 1.0.0 of thalesgroup.ciphertrust
Authors: Anurag Jain, Developer Advocate Thales Group
Install with:

ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0

collections:
  - name: thalesgroup.ciphertrust
    version: 1.0.0
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with CCKM for GCP Keys.
- name: "Create GCP Key"
  thalesgroup.ciphertrust.cckm_gcp_key:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: create
job_id:
  description: Synchronization job ID to be cancelled
  type: str
key_id:
  description: GCP Key ID to be acted upon
  type: str
labels:
  description: Labels attached to the Google Cloud key in the form of string key,value json pair.
  type: dict
op_type:
  choices:
    - create
    - update
    - key_op
    - key_version_op
    - upload-key
    - create-sync-job
    - cancel-sync-job
    - update-all-versions
  description: Operation to be performed
  required: true
  type: str
key_ring:
  description: ID or Resource URL of the Google Cloud keyRing where key will be created.
  type: str
algorithm:
  choices:
    - RSA_SIGN_PSS_2048_SHA256
    - RSA_SIGN_PSS_3072_SHA256
    - RSA_SIGN_PSS_4096_SHA256
    - RSA_SIGN_PSS_4096_SHA512
    - RSA_SIGN_PKCS1_2048_SHA256
    - RSA_SIGN_PKCS1_3072_SHA256
    - RSA_SIGN_PKCS1_4096_SHA256
    - RSA_SIGN_PKCS1_4096_SHA512
    - RSA_DECRYPT_OAEP_2048_SHA256
    - RSA_DECRYPT_OAEP_3072_SHA256
    - RSA_DECRYPT_OAEP_4096_SHA256
    - RSA_DECRYPT_OAEP_4096_SHA512
    - EC_SIGN_P256_SHA256
    - EC_SIGN_P384_SHA384
    - EC_SIGN_SECP256K1_SHA256
    - GOOGLE_SYMMETRIC_ENCRYPTION
  description: Algorithm of the key
  type: str
is_native:
  description: This flag tells whether the key version will be created natively or will be uploaded.
  type: bool
key_rings:
  description: Name or ID of key rings from which Google Cloud keys will be synchronized. synchronize_all and key_rings are mutually exclusive. Specify either the synchronize_all or key_rings.
  type: str
localNode:
  description:
    - this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
  required: true
  suboptions:
    password:
      description: admin password of CM
      required: true
      type: str
    server_ip:
      description: CM Server IP or FQDN
      required: true
      type: str
    server_port:
      default: 5432
      description: Port on which CM server is listening
      required: true
      type: int
    server_private_ip:
      description: internal or private IP of the CM Server, if different from the server_ip
      required: true
      type: str
    user:
      description: admin username of CM
      required: true
      type: str
    verify:
      default: false
      description: if SSL verification is required
      required: true
      type: bool
  type: dict
operation:
  choices:
    - enable
    - disable
    - schedule_destroy
    - cancel_destroy
  description: Operation to be performed on all versions of the Google Cloud key
  type: str
version_id:
  description: Key version ID to be acted upon
  type: str
key_op_type:
  choices:
    - create-version
    - refresh
    - enable-auto-rotation
    - disable-auto-rotation
  description: Operation to be performed
  type: str
job_config_id:
  description: Id of the scheduler job that will perform key rotation.
  type: str
source_key_id:
  description: The key ID which will be uploaded from key source.
  type: str
gcp_key_params:
  description: Google Cloud Key related parameters
  type: dict
rotation_period:
  description: Frequency at which the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as a duration in seconds terminated by "s". Example "360000s".
  type: str
source_key_tier:
  choices:
    - local
    - dsm
    - hsm-luna
  description: |
    Key source from where the key will be uploaded.
    - local for keySecure
    - dsm for DSM
    - hsm-luna for Luna HSM
  type: str
synchronize_all:
  description: Set true to synchronize all keys from all rings. synchronize_all and key_rings are mutually exclusive. Specify either the synchronize_all or key_rings.
  type: str
next_rotation_time:
  description: Next time the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as per RFC3339. Example "2022-07-31T17:18:37.085Z".
  type: str
primary_version_id:
  description: Version number of the new primary version.
  type: str
key_version_op_type:
  choices:
    - refresh
    - enable
    - disable
    - schedule-destroy
    - cancel-schedule-destroy
    - download-public-key
  description: Operation to be performed
  type: str
auto_rotate_algorithm:
  choices:
    - RSA_SIGN_PSS_2048_SHA256
    - RSA_SIGN_PSS_3072_SHA256
    - RSA_SIGN_PSS_4096_SHA256
    - RSA_SIGN_PSS_4096_SHA512
    - RSA_SIGN_PKCS1_2048_SHA256
    - RSA_SIGN_PKCS1_3072_SHA256
    - RSA_SIGN_PKCS1_4096_SHA256
    - RSA_SIGN_PKCS1_4096_SHA512
    - RSA_DECRYPT_OAEP_2048_SHA256
    - RSA_DECRYPT_OAEP_3072_SHA256
    - RSA_DECRYPT_OAEP_4096_SHA256
    - RSA_DECRYPT_OAEP_4096_SHA512
    - EC_SIGN_P256_SHA256
    - EC_SIGN_P384_SHA384
    - EC_SIGN_SECP256K1_SHA256
    - GOOGLE_SYMMETRIC_ENCRYPTION
    - HMAC_SHA256
  description: Algorithm of the key.
  type: str
auto_rotate_domain_id:
  description: Id of the domain in which dsm key will be created.
  type: str
auto_rotate_key_source:
  description: Source of the key material. Options are native, hsm-luna, dsm and ciphertrust.
  type: str
auto_rotate_partition_id:
  description: Id of the partition in which hsm key will be created.
  type: str
version_template_algorithm:
  choices:
    - RSA_SIGN_PSS_2048_SHA256
    - RSA_SIGN_PSS_3072_SHA256
    - RSA_SIGN_PSS_4096_SHA256
    - RSA_SIGN_PSS_4096_SHA512
    - RSA_SIGN_PKCS1_2048_SHA256
    - RSA_SIGN_PKCS1_3072_SHA256
    - RSA_SIGN_PKCS1_4096_SHA256
    - RSA_SIGN_PKCS1_4096_SHA512
    - RSA_DECRYPT_OAEP_2048_SHA256
    - RSA_DECRYPT_OAEP_3072_SHA256
    - RSA_DECRYPT_OAEP_4096_SHA256
    - RSA_DECRYPT_OAEP_4096_SHA512
    - EC_SIGN_P256_SHA256
    - EC_SIGN_P384_SHA384
    - EC_SIGN_SECP256K1_SHA256
  description: Algorithm of the asymmetric key (Symmetric key algorithm is not updatable).
  type: str
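An added playbook example, not taken from the module's own documentation: it sets verify: true, reads the CipherTrust Manager credentials from an Ansible Vault file instead of inlining them, and marks each task no_log so the localNode password stays out of task output. The host name, vault file path, vault_cm_* variable names and angle-bracket IDs are placeholders, and which parameters accompany each op_type is an assumption inferred from the parameter descriptions above.

```yaml
---
# Added example; placeholders and assumptions are marked inline.
- name: Manage GCP keys through CCKM with TLS verification enabled
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault/cm_credentials.yml        # hypothetical ansible-vault encrypted file
  vars:
    cm_node:
      server_ip: cm.example.internal          # constructed host name
      server_private_ip: cm.example.internal  # same host; no separate private IP
      server_port: 5432                       # default listed for server_port
      user: "{{ vault_cm_user }}"             # hypothetical vaulted variable
      password: "{{ vault_cm_password }}"     # hypothetical vaulted variable
      verify: true                            # the page's example uses false

  tasks:
    # Assumption: key_version_op acts on key_id + version_id.
    - name: Disable a single version of a GCP key
      thalesgroup.ciphertrust.cckm_gcp_key:
        localNode: "{{ cm_node }}"
        op_type: key_version_op
        key_version_op_type: disable
        key_id: "<GCP_KEY_ID>"                # placeholder
        version_id: "<KEY_VERSION_ID>"        # placeholder
      no_log: true                            # keep credentials out of output

    # Assumption: enable-auto-rotation takes job_config_id and auto_rotate_*.
    - name: Enable scheduled rotation for a symmetric GCP key
      thalesgroup.ciphertrust.cckm_gcp_key:
        localNode: "{{ cm_node }}"
        op_type: key_op
        key_op_type: enable-auto-rotation
        key_id: "<GCP_KEY_ID>"                # placeholder
        job_config_id: "<SCHEDULER_JOB_ID>"   # placeholder
        auto_rotate_key_source: native
        auto_rotate_algorithm: GOOGLE_SYMMETRIC_ENCRYPTION
      no_log: true
```

Run it with --ask-vault-pass or a vault password file so the credentials are decrypted only at execution time.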