From ee72cc5e47fad02523513e550dcb6a6906f9dc2c Mon Sep 17 00:00:00 2001 
From: Thales Group Date: Wed, 22 Nov 2023 05:00:08 +0000 Subject: [PATCH] updated docs --- README.md | 119 +++++++++++++++--- changelog.md | 11 ++ docs/data-sources/scheduler.md | 70 +++++++++++ docs/index.md | 15 ++- docs/resources/aws_cloudhsm_key.md | 2 + docs/resources/aws_connection.md | 2 + docs/resources/aws_custom_keystore.md | 2 + docs/resources/aws_key.md | 1 + docs/resources/aws_kms.md | 1 + docs/resources/aws_policy_template.md | 2 + docs/resources/aws_xks_key.md | 2 + docs/resources/azure_connection.md | 2 + docs/resources/azure_key.md | 1 + docs/resources/azure_vault.md | 2 + docs/resources/cluster.md | 2 + docs/resources/cm_key.md | 25 +++- docs/resources/cte_client.md | 1 + docs/resources/cte_guardpoint.md | 1 + docs/resources/cte_policies.md | 2 + docs/resources/domain.md | 1 + docs/resources/dsm_connection.md | 1 + docs/resources/dsm_domain.md | 1 + docs/resources/dsm_key.md | 1 + docs/resources/ekm_endpoint.md | 2 + docs/resources/gcp_acl.md | 2 + docs/resources/gcp_connection.md | 1 + docs/resources/gcp_key.md | 1 + docs/resources/gcp_keyring.md | 1 + docs/resources/google_project.md | 2 + docs/resources/groups.md | 1 + docs/resources/gwcse_endpoint.md | 1 + docs/resources/gwcse_identity.md | 1 + docs/resources/hsm_connection.md | 1 + docs/resources/hsm_key.md | 1 + docs/resources/hsm_partition.md | 1 + docs/resources/hsm_server.md | 1 + docs/resources/interface.md | 2 +- docs/resources/license.md | 2 + docs/resources/log_forwarder.md | 2 +- docs/resources/ntp.md | 2 + docs/resources/password_policy.md | 2 +- docs/resources/policies.md | 2 +- docs/resources/policy_attachments.md | 2 +- docs/resources/property.md | 2 + docs/resources/proxy.md | 2 + docs/resources/scheduler.md | 1 + docs/resources/syslog.md | 2 + docs/resources/user.md | 2 +- docs/resources/virtual_key.md | 2 + .../ciphertrust_scheduler/data-source.tf | 9 ++ .../resources/ciphertrust_cm_key/resource.tf | 17 ++- sample-scripts/aws-cloudhsm-keys/main.tf | 2 +- 
.../aws-keys/create-native/ec/main.tf | 2 +- .../aws-keys/create-native/rsa/main.tf | 2 +- .../aws-keys/create-native/symmetric/main.tf | 2 +- .../aws-keys/import/ciphertrust/main.tf | 2 +- sample-scripts/aws-keys/import/dsm/main.tf | 2 +- .../aws-keys/import/hsm-luna/main.tf | 2 +- .../aws-keys/key-rotation/ciphertrust/main.tf | 2 +- .../aws-keys/key-rotation/dsm/main.tf | 2 +- .../aws-keys/key-rotation/hsm-luna/main.tf | 2 +- .../aws-keys/key-synchronization/main.tf | 2 +- .../aws-keys/policy-templates/main.tf | 2 +- .../aws-keys/upload/ciphertrust/main.tf | 2 +- sample-scripts/aws-keys/upload/dsm/main.tf | 2 +- .../aws-keys/upload/hsm-luna/main.tf | 2 +- .../cm-as-key-source/linked-key/main.tf | 2 +- .../cm-as-key-source/unlinked-key/main.tf | 2 +- .../luna-as-key-source/linked-key/main.tf | 2 +- .../luna-as-key-source/unlinked-key/main.tf | 2 +- .../azure-keys/create-native/ec/main.tf | 2 +- .../azure-keys/create-native/hsm/main.tf | 2 +- .../azure-keys/create-native/rsa/main.tf | 2 +- .../key-rotation/ciphertrust/main.tf | 2 +- .../azure-keys/key-rotation/dsm/main.tf | 2 +- .../azure-keys/key-rotation/hsm-luna/main.tf | 2 +- .../azure-keys/key-rotation/native/main.tf | 2 +- .../azure-keys/key-synchronization/main.tf | 2 +- .../azure-keys/upload/ciphertrust/main.tf | 2 +- sample-scripts/azure-keys/upload/dsm/main.tf | 2 +- .../azure-keys/upload/hsm-luna/main.tf | 2 +- sample-scripts/azure-keys/upload/pfx/main.tf | 2 +- .../Step1-create-a-domain/main.tf | 2 +- .../main.tf | 2 +- .../Step3-domain-user-login/main.tf | 2 +- sample-scripts/connections/aws/main.tf | 2 +- sample-scripts/connections/azure/main.tf | 2 +- sample-scripts/connections/dsm/main.tf | 2 +- sample-scripts/connections/google/main.tf | 2 +- sample-scripts/connections/luna-hsm/main.tf | 2 +- sample-scripts/data-sources/aws-key/main.tf | 2 +- .../data-sources/azure-connection/main.tf | 2 +- sample-scripts/data-sources/azure-key/main.tf | 2 +- .../data-sources/google-connection/main.tf | 2 +- 
.../data-sources/google-key/main.tf | 2 +- .../data-sources/google-keyring/main.tf | 2 +- .../data-sources/scheduler/README.md | 106 ++++++++++++++++ .../data-sources/scheduler/azure_vars.tf | 4 + .../data-sources/scheduler/hsm_vars.tf | 24 ++++ sample-scripts/data-sources/scheduler/main.tf | 99 +++++++++++++++ sample-scripts/google-ekm-endpoints/main.tf | 2 +- .../google-keyring-acls/groups/main.tf | 2 +- .../google-keyring-acls/users/main.tf | 2 +- .../ciphertrust/asymmetric/main.tf | 2 +- .../ciphertrust/symmetric/main.tf | 2 +- .../add-versions/dsm/asymmetric/main.tf | 2 +- .../add-versions/dsm/symmetric/main.tf | 2 +- .../add-versions/hsm-luna/asymmetric/main.tf | 2 +- .../add-versions/native/asymmetric/main.tf | 2 +- .../add-versions/native/symmetric/main.tf | 2 +- .../create-native/asymmetric/main.tf | 2 +- .../create-native/symmetric/main.tf | 2 +- .../key-rotation/ciphertrust/main.tf | 2 +- .../google-keys/key-rotation/dsm/main.tf | 2 +- .../google-keys/key-rotation/hsm-luna/main.tf | 2 +- .../google-keys/key-rotation/native/main.tf | 2 +- .../google-keys/key-synchronization/main.tf | 2 +- .../upload/ciphertrust/asymmetric/main.tf | 2 +- .../upload/ciphertrust/symmetric/main.tf | 2 +- .../google-keys/upload/dsm/asymmetric/main.tf | 2 +- .../google-keys/upload/dsm/symmetric/main.tf | 2 +- .../upload/hsm-luna/asymmetric/main.tf | 2 +- .../google-workspace-cse/cse-endpoint/main.tf | 2 +- .../google-workspace-cse/cse-identity/main.tf | 2 +- .../aws/allow-kms-add/main.tf | 2 +- .../azure/allow-vault-add/main.tf | 2 +- .../deny-cmkey-export/main.tf | 2 +- .../google/allow-keyring-create/main.tf | 2 +- .../practical-examples/aws_s3_bucket/main.tf | 2 +- .../azure_storage_account/main.tf | 2 +- .../practical-examples/cluster/main.tf | 2 +- 131 files changed, 611 insertions(+), 108 deletions(-) create mode 100644 docs/data-sources/scheduler.md create mode 100644 examples/data-sources/ciphertrust_scheduler/data-source.tf create mode 100644 
sample-scripts/data-sources/scheduler/README.md create mode 100644 sample-scripts/data-sources/scheduler/azure_vars.tf create mode 100644 sample-scripts/data-sources/scheduler/hsm_vars.tf create mode 100644 sample-scripts/data-sources/scheduler/main.tf
diff --git a/README.md b/README.md
index 901e1ad..2556c9c 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 page_title: "CipherTrust Provider"
 subcategory: ""
 description: |-
- The CipherTrust provider can be used configure a CipherTrust instance or cluster and subsequently manage cloud resources.
+ The CipherTrust provider can be used configure a CipherTrust instance or cluster or a CipherTrust Data Security Platform as a Service (CDSPaaS) and subsequently manage cloud resources.
 ---
 # CipherTrust Provider
@@ -37,6 +37,7 @@ To deploy a Virtual CipherTrust Manager from AWS, you must supply the Amazon Mac
 ## Thales Devices
 The following devices can be used to create keys for the above public clouds.
+- CipherTrust Manager
 - DSM
 - HSM Luna
@@ -50,41 +51,78 @@ CipherTrust authentication parameters can also be provided as environment variab
 The following table illustrates which parameters can be provided as environment variables or in the configuration file.
-| Provider Parameter | Environment Variable | Config File | Required | Default Value |
-|:---------------------|:---------------------|:------------|:----------|:--------------|
-| address | CM_ADDRESS | address | Yes | N/A |
-| username | CM_USERNAME | username | Yes | N/A |
-| password | CM_PASSWORD | password | Yes | N/A |
-| domain | CM_DOMAIN | domain | No | root |
-| remaining parameters | no | yes | No | N/A |
+| Provider Parameter | Environment Variable | Config File | Required | Default Value |
+|:---------------------|:---------------------|:------------|:----------|:---------------------------|
+| address | CM_ADDRESS | address | Yes | N/A |
+| username | CM_USERNAME | username | Yes | N/A |
+| password | CM_PASSWORD | password | Yes | N/A |
+| domain | CM_DOMAIN | domain | No | Empty string (root domain) |
+| auth_domain | CM_AUTH_DOMAIN | auth_domain | No | Empty string (root domain) |
+| remaining parameters | no | yes | No | N/A |
-The order of precedence when determining the value of a parameter:
+The order of precedence when determining the value of a provider parameter:
 1. Provider Block
 2. Environment Variable
 3. Configuration File
 ## Provider Block
+### For CipherTrust Manager
+
+To authenticate to and log in to the root domain:
 ```terraform
 provider "ciphertrust" {
 address = "cm-address"
 username = "cm-username"
 password = "cm-password"
- domain = "cm-domain"
+}
+
+```
+To authenticate to and log in to a domain other than root:
+
+```terraform
+provider "ciphertrust" {
+ address = "cm-address"
+ username = "cm-username"
+ password = "cm-password"
+ auth_domain = "users-auth-domain"
+}
+```
+
+To authenticate to a domain but log in to a different domain:
+
+```terraform
+provider "ciphertrust" {
+ address = "cm-address"
+ username = "cm-username"
+ password = "cm-password"
+ auth_domain = "users-auth-domain"
+ domain = "a-different-domain"
+}
+```
+
+### For CipherTrust Data Security Platform as a Service (CDSPaaS)
+
+```terraform
+provider "ciphertrust" {
+ address = "cdsp-address"
+ username = "cdsp-tenant-username"
+ password = "cdsp-tenant-password"
+ auth_domain = "cdsp-tenant-name"
 }
 ```
 ## Configuration File
 All provider parameters can be read from the configuration file.
-The configuration file is ~/.ciphertrust/config.
+The configuration file is ~/.ciphertrust/config. For example:
 ```terraform
 address = cm-address
 username = cm-username
 password = cm-password
 ```
-If the above values exist in the configuration file the provider block can be:
+If authentication values exist in the configuration file the provider block can be:
 ```terraform
 provider "ciphertrust" {}
@@ -97,10 +135,11 @@ Some provider parameters can be specified in environment variables.
 ```bash
 export CM_USERNAME=cm-username
 export CM_PASSWORD=cm-password
+export CM_AUTH_DOMAIN=cm-auth-domain
 export CM_DOMAIN=cm-domain
 ```
-If the above environment variables exist the provider block can be:
+If environment variables required for authentication exist the provider block can be:
 ```terraform
 provider "ciphertrust" {}
@@ -117,12 +156,64 @@ provider "ciphertrust" {}
 ### Optional
 - **address** (String) HTTPS URL of the CipherTrust instance. address can be set in the provider block, via the CM_ADDRESS environment variable or in ~/.ciphertrust/config. An address need not be provided when creating a cluster of CipherTrust instances.
+- **auth_domain** (String) CipherTrust authentication domain of the user. This is the domain where the user was created. auth_domain can be set in the provider block, via the CM_AUTH_DOMAIN environment variable or in ~/.ciphertrust/config. Default is the empty string (root domain).
 - **aws_operation_timeout** (Number) Some AWS key operations, for example, replication, can take some time to complete. This specifies how long to wait for an operation to complete in seconds. aws_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 480.
 - **azure_operation_timeout** (Number) Azure key operations can take time to complete. This specifies how long to wait for an operation to complete in seconds. azure_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 240.
-- **domain** (String) CipherTrust domain of the user. domain can be set in the provider block, via the CM_DOMAIN environment variable or in ~/.ciphertrust/config. Default is the root domain.
+- **domain** (String) CipherTrust domain to log in to. domain can be set in the provider block, via the CM_DOMAIN environment variable or in ~/.ciphertrust/config. Default is the root domain.
 - **gcp_operation_timeout** (Number) Some Google Cloud operations, for example, schedule destroy, are not synchronous. This specifies how long to wait for an operation to complete in seconds. gcp_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 120.
 - **hsm_operation_timeout** (Number) HSM connection operations are not synchronous. This specifies how long to wait for an operation to complete in seconds. hsm_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 60.
 - **log_file** (String) Log file name. log_file can be set in the provider block or in ~/.ciphertrust/config. Default is ctp.log.
 - **log_level** (String) Logging level. log_level can be set in the provider block or in ~/.ciphertrust/config. Default is info. Options: debug, info, warning or error.
 - **no_ssl_verify** (Boolean) Set to false to verify the server's certificate chain and host name. no_ssl_verify can be set in the provider block or in ~/.ciphertrust/config. Default is true.
 - **rest_api_timeout** (Number) CipherTrust rest api timeout in seconds. rest_api_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 60.
+
+## Supported resource types
+
+The following table illustrates which resource types are supported in CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+| Resource Type | CipherTrust Manager | CDSPaaS |
+|:---------------------------------|:--------------------|:--------|
+| ciphertrust_aws_cloudhsm_key | yes | yes |
+| ciphertrust_aws_connection | yes | yes |
+| ciphertrust_aws_custom_keystore | yes | yes |
+| ciphertrust_aws_key | yes | yes |
+| ciphertrust_aws_kms | yes | yes |
+| ciphertrust_aws_policy_template | yes | yes |
+| ciphertrust_aws_xks_key | yes | yes |
+| ciphertrust_azure_connection | yes | yes |
+| ciphertrust_azure_key | yes | yes |
+| ciphertrust_azure_vault | yes | yes |
+| ciphertrust_cluster | yes | no |
+| ciphertrust_cm_key | yes | yes |
+| ciphertrust_cte_client | yes | no |
+| ciphertrust_cte_guardpoint | yes | no |
+| ciphertrust_cte_policies | yes | no |
+| ciphertrust_domain | yes | no |
+| ciphertrust_dsm_connection | yes | no |
+| ciphertrust_dsm_domain | yes | no |
+| ciphertrust_dsm_key | yes | no |
+| ciphertrust_ekm_endpoint | yes | yes |
+| ciphertrust_gcp_acl | yes | yes |
+| ciphertrust_gcp_connection | yes | yes |
+| ciphertrust_gcp_key | yes | yes |
+| ciphertrust_gcp_keyring | yes | yes |
+| ciphertrust_google_project | yes | yes |
+| ciphertrust_groups | yes | yes |
+| ciphertrust_gwcse_endpoint | yes | yes |
+| ciphertrust_gwcse_identity | yes | yes |
+| ciphertrust_hsm_connection | yes | no |
+| ciphertrust_hsm_key | yes | no |
+| ciphertrust_hsm_partition | yes | no |
+| ciphertrust_hsm_server | yes | no |
+| ciphertrust_interface | yes | no |
+| ciphertrust_license | yes | no |
+| ciphertrust_log_forwarder | yes | no |
+| ciphertrust_ntp | yes | no |
+| ciphertrust_password_policy | yes | no |
+| ciphertrust_policies | yes | no |
+| ciphertrust_policy_attachments | yes | no |
+| ciphertrust_property | yes | no |
+| ciphertrust_proxy | yes | no |
+| ciphertrust_scheduler | yes | yes |
+| ciphertrust_syslog | yes | no |
+| ciphertrust_user | yes | yes |
+| ciphertrust_virtual_key | yes | no |
\ No newline at end of file
diff --git a/changelog.md b/changelog.md
index 9145697..948a83e 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,14 @@
+# 0.10.3-beta
+
+## New Data Source
+ Added the ciphertrust_scheduler data source.
+
+## Fixes
+ ciphertrust_cm_key key_size will accept 128, 192 and 256 for AES keys.
+
+## Documentation
+ Added documentation for CipherTrust Data Security Platform as a Service (CDSPaaS).
+
 # 0.10.2-beta
 Changed provider parameter `domain`'s default value from `root` to the empty string.
diff --git a/docs/data-sources/scheduler.md b/docs/data-sources/scheduler.md
new file mode 100644
index 0000000..bd58b38
--- /dev/null
+++ b/docs/data-sources/scheduler.md
@@ -0,0 +1,70 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "ciphertrust_scheduler Data Source - terraform-provider-ciphertrust" +subcategory: "" +description: |- + +--- + +# ciphertrust_scheduler (Data Source) + +This data-source retrieves details of a [ciphertrust_scheduler](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/scheduler) resource. + +It's possible to identify the scheduler using the scheduler's name or ID. + + +## Example Usage + +```terraform +# Retrieve details using the scheduler's name +data "ciphertrust_scheduler" "scheduler_by_name" { + name = "Rotation Scheduler" +} + +# Retrieve details using the ID of the scheduler +data "ciphertrust_aws_key" "scheduler_by_id" { + id = "77b4acd3-80e4-4270-81b5-11bb13b8053a" +} +``` + + +## Schema + +### Optional + +- `id` (String) Job configuration ID. +- `name` (String) Name of the job configuration. + +### Read-Only + +- `cckm_key_rotation_params` (List of Object) Specifies key rotation parameters (see [below for nested schema](#nestedatt--cckm_key_rotation_params)) +- `cckm_synchronization_params` (List of Object) Specifies key synchronization parameters (see [below for nested schema](#nestedatt--cckm_synchronization_params)) +- `description` (String) Description of the job configuration. +- `disabled` (Boolean) Indicates if the the job configuration is disabled. +- `end_date` (String) Date the job configuration becomes inactive. +- `operation` (String) Type of operation. +- `run_at` (String) Cron expression indicating when the job will run. +- `run_on` (String) Node on which the job will run. +- `start_date` (String) Date the job configuration becomes active. 
+ + +### Nested Schema for `cckm_key_rotation_params` + +Read-Only: + +- `aws_retain_alias` (Boolean) +- `cloud_name` (String) +- `expiration` (String) +- `expire_in` (String) + + + +### Nested Schema for `cckm_synchronization_params` + +Read-Only: + +- `cloud_name` (String) +- `key_rings` (Set of String) +- `key_vaults` (Set of String) +- `kms` (Set of String) +- `synchronize_all` (Boolean) diff --git a/docs/index.md b/docs/index.md index 2703011..e16a031 100644 --- a/docs/index.md +++ b/docs/index.md @@ -51,6 +51,8 @@ The order of precedence when determining the value of a provider parameter: ## Provider Block +### For CipherTrust Manager + To authenticate to and log in to the root domain: ```terraform provider "ciphertrust" { @@ -82,6 +84,17 @@ provider "ciphertrust" { domain = "a-different-domain" } ``` + +### For CipherTrust Data Security Platform as a Service (CDSPaaS) + +```terraform +provider "ciphertrust" { + address = "cdsp-address" + username = "cdsp-tenant-username" + password = "cdsp-tenant-password" + auth_domain = "cdsp-tenant-name" +} +``` ## Configuration File All provider parameters can be read from the configuration file. 
@@ -136,6 +149,4 @@ provider "ciphertrust" {}
 - `log_file` (String) Log file name. log_file can be set in the provider block or in ~/.ciphertrust/config. Default is ctp.log.
 - `log_level` (String) Logging level. log_level can be set in the provider block or in ~/.ciphertrust/config. Default is info. Options: debug, info, warning or error.
 - `no_ssl_verify` (Boolean) Set to false to verify the server's certificate chain and host name. no_ssl_verify can be set in the provider block or in ~/.ciphertrust/config. Default is true.
-- `password` (String, Sensitive) Password of a CipherTrust user. password can be set in the provider block, via the CM_PASSWORD environment variable or in ~/.ciphertrust/config
 - `rest_api_timeout` (Number) CipherTrust rest api timeout in seconds. rest_api_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 60.
-- `username` (String) Username of a CipherTrust user. username can be set in the provider block, via the CM_USERNAME environment variable or in ~/.ciphertrust/config
diff --git a/docs/resources/aws_cloudhsm_key.md b/docs/resources/aws_cloudhsm_key.md
index a182bde..2e61ac6 100644
--- a/docs/resources/aws_cloudhsm_key.md
+++ b/docs/resources/aws_cloudhsm_key.md
@@ -15,6 +15,8 @@ Primary uses of the ciphertrust_aws_cloudhsm_key resource include:
 - Creating an AWS key in custom key store of type AWS_CLOUDHSM
 - Updating attributes of an linked AWS HYOK key (description, tags, alias, policy, enable/disable)
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Prerequisites
 - CloudHSM cluster setup on AWS is required before creating custom key store of type AWS_CLOUDHSM (refer AWS CloudHSM documentation including the AWS Key Management Service Developer Guide and AWS CloudHSM User Guide.)
 - For CloudHSM key, CloudHSM Key Store needs to be in `Connected` state before creating CloudHSM key. It takes upto 30 minutes for Connect/Disconnect operations.
diff --git a/docs/resources/aws_connection.md b/docs/resources/aws_connection.md
index 7595a65..6c46c90 100644
--- a/docs/resources/aws_connection.md
+++ b/docs/resources/aws_connection.md
@@ -14,6 +14,8 @@ A connection is required before operations can be performed on the AWS cloud.
 [ciphertrust_aws_kms](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/aws_kms) resources are dependent on this resource.
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Optional Use of Environment Variables
 | Parameter | Environment Variable |
diff --git a/docs/resources/aws_custom_keystore.md b/docs/resources/aws_custom_keystore.md
index dcefabe..92ed7a9 100644
--- a/docs/resources/aws_custom_keystore.md
+++ b/docs/resources/aws_custom_keystore.md
@@ -25,6 +25,8 @@ Primary uses of the ciphertrust_aws_custom_keystore resource include:
 - Perform following operations on a custom keystore of type AWS_CLOUDHSM:
 - connect/disconnect
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Prerequisites
 ### External Key Store
 - External Key Store can be in either linked or Unlinked state. Linked keystore is automatically created in AWS too.
diff --git a/docs/resources/aws_key.md b/docs/resources/aws_key.md
index ea76c7f..d5818c2 100644
--- a/docs/resources/aws_key.md
+++ b/docs/resources/aws_key.md
@@ -29,6 +29,7 @@ Scheduling key rotation requires a [ciphertrust_scheduler](https://registry.terr
 This resource is dependent on a [ciphertrust_aws_kms](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/aws_kms) resource.
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
 ## Example Usage
diff --git a/docs/resources/aws_kms.md b/docs/resources/aws_kms.md
index 013cbe1..066d19d 100644
--- a/docs/resources/aws_kms.md
+++ b/docs/resources/aws_kms.md
@@ -14,6 +14,7 @@ This resource is dependent on a [ciphertrust_aws_connection](https://registry.te
 [ciphertrust_aws_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/aws_key) resources are dependent on this resource.
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
 ## Example Usage
diff --git a/docs/resources/aws_policy_template.md b/docs/resources/aws_policy_template.md
index bddf99a..7dc3d7b 100644
--- a/docs/resources/aws_policy_template.md
+++ b/docs/resources/aws_policy_template.md
@@ -12,6 +12,8 @@ A ciphertrust_aws_policy_template can be used to add the key policy for [ciphert
 If the policy json is provided no other fields can be specified.
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Example Usage
 ```terraform
diff --git a/docs/resources/aws_xks_key.md b/docs/resources/aws_xks_key.md
index 93f6129..b480e3a 100644
--- a/docs/resources/aws_xks_key.md
+++ b/docs/resources/aws_xks_key.md
@@ -16,6 +16,8 @@ Primary uses of the ciphertrust_aws_xks_key resource include:
 - block/unblock
 - link an unlinked key
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Prerequisites
 - Creation of AWS HYOK key is supported for locally hosted External Key Store.
 - HYOK Keys can be backed by Luna HSM as key source or by Ciphertrust Manager as key source.
diff --git a/docs/resources/azure_connection.md b/docs/resources/azure_connection.md
index 59a8cff..058b211 100644
--- a/docs/resources/azure_connection.md
+++ b/docs/resources/azure_connection.md
@@ -14,6 +14,8 @@ A connection is required before operations can be performed on the Azure cloud.
 [ciphertrust_azure_vault](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/azure_vault) resources are dependent on this resource.
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Optional Use of Environment Variables
 | Parameter | Environment Variable |
diff --git a/docs/resources/azure_key.md b/docs/resources/azure_key.md
index fe47e22..3084233 100644
--- a/docs/resources/azure_key.md
+++ b/docs/resources/azure_key.md
@@ -28,6 +28,7 @@ Scheduling key rotation requires a [ciphertrust_scheduler](https://registry.terr
 This resource is dependent on a [ciphertrust_azure_vault](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/azure_vault) resource.
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
 ## Example Usage
diff --git a/docs/resources/azure_vault.md b/docs/resources/azure_vault.md
index b1afb55..3fa67cb 100644
--- a/docs/resources/azure_vault.md
+++ b/docs/resources/azure_vault.md
@@ -16,6 +16,8 @@ This resource is dependent on a [ciphertrust_azure_connection](https://registry.
 [ciphertrust_azure_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/azure_key) resources are dependent on this resource.
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Optional Use of Environment Variables
 | Parameter | Environment Variable |
diff --git a/docs/resources/cluster.md b/docs/resources/cluster.md
index 40fee67..c78fa3d 100644
--- a/docs/resources/cluster.md
+++ b/docs/resources/cluster.md
@@ -16,6 +16,8 @@ Cluster operations will not use the "address" configured for the provider. It wi
 "original" then we will try and use that one. The provider will attempt to use the "username" and "password" values configured at the provider level. But if those do not work we will attempt to use the default credentials and then change the password to the "password" value.
+This resource is applicable to CipherTrust Manager only.
+
 ## Example Usage
 ```terraform
diff --git a/docs/resources/cm_key.md b/docs/resources/cm_key.md
index 692eea8..82189db 100644
--- a/docs/resources/cm_key.md
+++ b/docs/resources/cm_key.md
@@ -13,6 +13,7 @@ CipherTrust Manager keys are primarily used to create the following:
 - [ciphertrust_azure_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/azure_key) resources
 - [ciphertrust_gcp_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/gcp_key) resources
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
 ## Example Usage
@@ -24,16 +25,30 @@ resource "ciphertrust_cm_key" "cm_rsa_key" {
 key_size = 2048
 }
+# Create a 256 bit AES key
+resource "ciphertrust_cm_key" "cm_aes_key" {
+ name = "key-name"
+ algorithm = "AES"
+}
+
+# Create a 128 bit AES key
+resource "ciphertrust_cm_key" "cm_aes_key" {
+ name = "key-name"
+ algorithm = "AES"
+ key_size = 128
+}
+
 # Create a secp384r1 EC key
 resource "ciphertrust_cm_key" "cm_ec_key" {
 name = "key-name"
 algorithm = "EC"
 }
-# Create a 256 bit AES key
-resource "ciphertrust_cm_key" "cm_aes_key" {
+# Create a curve25519 EC key
+resource "ciphertrust_cm_key" "cm_ec_key" {
 name = "key-name"
- algorithm = "AES"
+ algorithm = "EC"
+ curve = "curve25519"
 }
 ```
@@ -47,8 +62,8 @@ resource "ciphertrust_cm_key" "cm_aes_key" {
 ### Optional
-- `curve` (String) Curve for an EC key. Options: secp256k1, secp384r1, secp521r1, curve25519 and prime256v1. Default is secp384r1.
-- `key_size` (Number) Required for RSA keys. Optional for AES keys. Defaults to 256 for AES keys. Options are: 1024, 2048, 3072, 4096.
+- `curve` (String) Curve for an EC key. Options: secp224k1, secp224r1, secp256k1, secp384r1, secp521r1, prime256v1, brainpoolP224r1, brainpoolP224t1, brainpoolP256r1, brainpoolP256t1, brainpoolP384r1, brainpoolP384t1, brainpoolP512r1, brainpoolP512t1 and curve25519. Default is secp384r1.
+- `key_size` (Number) Required for RSA keys. Optional for AES keys. Defaults to 256 for AES keys. Options are: 128, 192, 256 for AES keys and 1024, 2048, 3072, 4096 for RSA keys.
 - `undeletable` (Boolean) (Updateable) Parameter to indicate if CM key is undeletable. Must be set to false before this key and any linked keys can be destroyed. Default is false.
 - `unexportable` (Boolean) (Updateable) Parameter to indicate if CM key is unexportable.
 - `usage_mask` (Number) Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), Content Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow the usages. To set all usage mask bits, use 4194303. Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).
diff --git a/docs/resources/cte_client.md b/docs/resources/cte_client.md
index c259479..a5ad4b3 100644
--- a/docs/resources/cte_client.md
+++ b/docs/resources/cte_client.md
@@ -10,6 +10,7 @@ description: |-
 This resouce is used to create a CTE Client. A client is a computer system where the data needs to be protected. A compatible CTE Agent software is installed on the client. The CTE Agent can protect data on the client or devices connected to it. A client can be associated with multiple GuardPoints for encryption of various paths.
+This resource is applicable to CipherTrust Manager only.
 ## Schema
diff --git a/docs/resources/cte_guardpoint.md b/docs/resources/cte_guardpoint.md
index 96b982c..5a8f2e1 100644
--- a/docs/resources/cte_guardpoint.md
+++ b/docs/resources/cte_guardpoint.md
@@ -12,6 +12,7 @@ This resource is used to create a CTE GuardPoint on a CTE Client. A GuardPoint s
 A user can apply GuardPoint on specific path on a selected file server. It can be either on a directory, or on a raw device, it can be a applied on a cloud storage, and all these options will be driven by the "gp_type" parameter.
+This resource is applicable to CipherTrust Manager only.
diff --git a/docs/resources/cte_policies.md b/docs/resources/cte_policies.md
index 6ce1d14..ea55879 100644
--- a/docs/resources/cte_policies.md
+++ b/docs/resources/cte_policies.md
@@ -10,6 +10,8 @@ description: |-
 This resource is used to create CTE policies which can be used to add a guardpoint on CTE client. A policy is a collection of rules that govern data access and encryption. Think of a policy as an if-then statement. Policy rules are processed sequentially. If the criteria of rule one are not met, the policy enforcement engine moves on to the second rule and so on.
+This resource is applicable to CipherTrust Manager only.
+
 Policies specify: Actors: Users, groups, and processes that are permitted/denied access to protected data. Actions: What actions authorized actors are allowed to perform. For example create/delete, read/write, decrypt, modify permissions, and so on.
diff --git a/docs/resources/domain.md b/docs/resources/domain.md
index e0f167a..48e7336 100644
--- a/docs/resources/domain.md
+++ b/docs/resources/domain.md
@@ -12,6 +12,7 @@ Domains isolate resources like keys to a single domain and cannot be accessed ac
 When a domain is created an administrator can define which system users are administrators of that domain. Domain administrators can explicitly add or remove system users to / from the domain or create group maps to implicitly include system users in the domain.
+This resource is applicable to CipherTrust Manager only.
 ## Example Usage
diff --git a/docs/resources/dsm_connection.md b/docs/resources/dsm_connection.md
index 2691e84..f9e2c32 100644
--- a/docs/resources/dsm_connection.md
+++ b/docs/resources/dsm_connection.md
@@ -14,6 +14,7 @@ A connection is required before operations can be performed on the DSM.
 [ciphertrust_dsm_domain](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/dsm_domain) resources are dependent on this resource.
+This resource is applicable to CipherTrust Manager only.
 ## Example Usage
diff --git a/docs/resources/dsm_domain.md b/docs/resources/dsm_domain.md
index d3d1b5d..0a1c061 100644
--- a/docs/resources/dsm_domain.md
+++ b/docs/resources/dsm_domain.md
@@ -19,6 +19,7 @@ This resource is dependent on a [ciphertrust_dsm_connection](https://registry.te [ciphertrust_dsm_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/dsm_key) resources are dependent on this resource. +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/dsm_key.md b/docs/resources/dsm_key.md index d7e2273..a6c2ee8 100644 --- a/docs/resources/dsm_key.md +++ b/docs/resources/dsm_key.md @@ -15,6 +15,7 @@ DSM keys are primarily used to create the following: This resource is dependent on a [ciphertrust_dsm_domain](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/dsm_domain) resource. +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/ekm_endpoint.md b/docs/resources/ekm_endpoint.md index 891a7a1..0e39861 100644 --- a/docs/resources/ekm_endpoint.md +++ b/docs/resources/ekm_endpoint.md @@ -16,6 +16,8 @@ Projects can be added to CipherTrust Manager by creating either of the following - [ciphertrust_gcp_connection](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/gcp_connection) - [ciphertrust_google_project](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/google_project) +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). + ## Example Usage ```terraform diff --git a/docs/resources/gcp_acl.md b/docs/resources/gcp_acl.md index 5a276ac..4adc421 100644 --- a/docs/resources/gcp_acl.md +++ b/docs/resources/gcp_acl.md 
@@ -31,6 +31,8 @@ The resource is dependent on a [ciphertrust_gcp_keyring](https://registry.terraf Access control is applied for either a [ciphertrust_user](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/user) or a [ciphertrust_group](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/group). +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). + ## Example Usage ```terraform diff --git a/docs/resources/gcp_connection.md b/docs/resources/gcp_connection.md index cde735d..2629eab 100644 --- a/docs/resources/gcp_connection.md +++ b/docs/resources/gcp_connection.md @@ -14,6 +14,7 @@ A connection is required before operations can be performed on Google cloud. [ciphertrust_gcp_keyring](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/gcp_keyring) resources are dependent on this resource. +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). ## Example Usage diff --git a/docs/resources/gcp_key.md b/docs/resources/gcp_key.md index a9e3b78..1d96f2d 100644 --- a/docs/resources/gcp_key.md +++ b/docs/resources/gcp_key.md @@ -32,6 +32,7 @@ Scheduling key rotation requires a [ciphertrust_scheduler](https://registry.terr The resource is dependent on a [ciphertrust_gcp_keyring](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/gcp_keyring) resource. +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). ## Example Usage diff --git a/docs/resources/gcp_keyring.md b/docs/resources/gcp_keyring.md index ee6296c..09e8145 100644 --- a/docs/resources/gcp_keyring.md +++ b/docs/resources/gcp_keyring.md 
@@ -14,6 +14,7 @@ This resource is dependent on a [ciphertrust_gcp_connection](https://registry.te [ciphertrust_gcp_acl](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/gcp_acl) resources can be added the keyring. +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). ## Example Usage diff --git a/docs/resources/google_project.md b/docs/resources/google_project.md index 95101d1..690e105 100644 --- a/docs/resources/google_project.md +++ b/docs/resources/google_project.md @@ -14,6 +14,8 @@ This resource adds a Google Project to CipherTrust Manager. [ciphertrust_gcp_connection](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/gcp_connection) resources will also add Google Project. +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). + ## Schema diff --git a/docs/resources/groups.md b/docs/resources/groups.md index f74b73e..a25ca7a 100644 --- a/docs/resources/groups.md +++ b/docs/resources/groups.md @@ -14,6 +14,7 @@ Users can be added to groups by using the id. This resource is dependent on a [ciphertrust_user](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/user) resource. +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). ## Example Usage diff --git a/docs/resources/gwcse_endpoint.md b/docs/resources/gwcse_endpoint.md index 12aefca..dce59fb 100644 --- a/docs/resources/gwcse_endpoint.md +++ b/docs/resources/gwcse_endpoint.md 
@@ -12,6 +12,7 @@ This resource establishes the connection between Google Client Side Encryption a This resource is dependent on a [ciphertrust_gwcse_identity](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/ciphertrust_gwcse_identity) resource. +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). ## Example Usage diff --git a/docs/resources/gwcse_identity.md b/docs/resources/gwcse_identity.md index 3fb622d..56ff0f8 100644 --- a/docs/resources/gwcse_identity.md +++ b/docs/resources/gwcse_identity.md @@ -14,6 +14,7 @@ This resource manages a customer specific identity provider which is used for au It's possible to create ciphertrust_gwcse_identity using a variety of optional fields. +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). ## Example Usage diff --git a/docs/resources/hsm_connection.md b/docs/resources/hsm_connection.md index 08c9a37..73f3c65 100644 --- a/docs/resources/hsm_connection.md +++ b/docs/resources/hsm_connection.md @@ -16,6 +16,7 @@ This resource is dependent on a [ciphertrust_hsm_server](https://registry.terraf [ciphertrust_hsm_partition](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/hsm_partition) resources are dependent on this resource. +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/hsm_key.md b/docs/resources/hsm_key.md index f726e82..dd5496b 100644 --- a/docs/resources/hsm_key.md +++ b/docs/resources/hsm_key.md @@ -14,6 +14,7 @@ Luna-HSM keys are primarily used to create the following: This resource is dependent on a [ciphertrust_hsm_partition](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/hsm_partition) resource. +This resource is applicable to CipherTrust Manager only. ## Example Usage 
diff --git a/docs/resources/hsm_partition.md b/docs/resources/hsm_partition.md index 1a31fd8..14f6b70 100644 --- a/docs/resources/hsm_partition.md +++ b/docs/resources/hsm_partition.md @@ -18,6 +18,7 @@ Resources of this type can be used as the container when scheduling rotation for This resource is dependent on a [ciphertrust_hsm_connection](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/hsm_connection) resource. +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/hsm_server.md b/docs/resources/hsm_server.md index 63bbb04..c5f8878 100644 --- a/docs/resources/hsm_server.md +++ b/docs/resources/hsm_server.md @@ -12,6 +12,7 @@ This resource established a network connection between CipherTrust Manager and t [ciphertrust_hsm_connection](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/hsm_connection) resources are dependent on this resource. +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/interface.md b/docs/resources/interface.md index 6061d59..7048840 100644 --- a/docs/resources/interface.md +++ b/docs/resources/interface.md @@ -8,7 +8,7 @@ description: |- # ciphertrust_interface (Resource) - +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/license.md b/docs/resources/license.md index 8aa46a4..1e43ffd 100644 --- a/docs/resources/license.md +++ b/docs/resources/license.md @@ -10,6 +10,8 @@ description: |- Licenses can be installed to enable extended functionality for enterprise level features such as clustering and external identity provider options, and for various connectors such as KMIP clients. +This resource is applicable to CipherTrust Manager only. + ## Example Usage ```terraform diff --git a/docs/resources/log_forwarder.md b/docs/resources/log_forwarder.md index 1924b83..de44349 100644 --- a/docs/resources/log_forwarder.md 
+++ b/docs/resources/log_forwarder.md @@ -8,7 +8,7 @@ description: |- # ciphertrust_log_forwarder (Resource) - +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/ntp.md b/docs/resources/ntp.md index cab56c5..4baca73 100644 --- a/docs/resources/ntp.md +++ b/docs/resources/ntp.md @@ -10,6 +10,8 @@ description: |- NTP (Network Time Protocol) is used to synchronize time with an external time source. +This resource is applicable to CipherTrust Manager only. + ## Example Usage ```terraform diff --git a/docs/resources/password_policy.md b/docs/resources/password_policy.md index 7dcf3a7..e8e3524 100644 --- a/docs/resources/password_policy.md +++ b/docs/resources/password_policy.md @@ -10,7 +10,7 @@ description: |- - Change the current global password policy for all users. Can only be used by a member of the admin or user admin group. Currently, by default 'global' policy is applied to all users. - Create, Update and Delete a custom password policy. Can only be used by a member of the admin or user admin group. Currently, by default 'global' policy is applied to all users. To apply the policy, you need to assign it to a user. - +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/policies.md b/docs/resources/policies.md index b08228f..b6fbd65 100644 --- a/docs/resources/policies.md +++ b/docs/resources/policies.md @@ -8,7 +8,7 @@ description: |- # ciphertrust_policies (Resource) - +This resource is applicable to CipherTrust Manager only. ## Example Usage diff --git a/docs/resources/policy_attachments.md b/docs/resources/policy_attachments.md index 0f27201..474c6ee 100644 --- a/docs/resources/policy_attachments.md +++ b/docs/resources/policy_attachments.md @@ -8,7 +8,7 @@ description: |- # ciphertrust_policy_attachments (Resource) - +This resource is applicable to CipherTrust Manager only. 
diff --git a/docs/resources/property.md b/docs/resources/property.md index 83b04e2..6ddf434 100644 --- a/docs/resources/property.md +++ b/docs/resources/property.md @@ -10,6 +10,8 @@ description: |- Set server level properties. +This resource is applicable to CipherTrust Manager only. + ## Example Usage ```terraform diff --git a/docs/resources/proxy.md b/docs/resources/proxy.md index d113a34..1ada9f3 100644 --- a/docs/resources/proxy.md +++ b/docs/resources/proxy.md @@ -10,6 +10,8 @@ description: |- The proxy API is used to set the proxy in the system. The API also provides an option to input a CA certificate to trust by the system. A system restart is required after adding new or changing proxy settings. +This resource is applicable to CipherTrust Manager only. + ## Example Usage ```terraform diff --git a/docs/resources/scheduler.md b/docs/resources/scheduler.md index 55a6b17..369e828 100644 --- a/docs/resources/scheduler.md +++ b/docs/resources/scheduler.md @@ -22,6 +22,7 @@ A schedule can be created to synchronize keys for: - Azure - Google Cloud +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). ## Example Usage diff --git a/docs/resources/syslog.md b/docs/resources/syslog.md index 9563cb0..e3f156f 100644 --- a/docs/resources/syslog.md +++ b/docs/resources/syslog.md @@ -10,6 +10,8 @@ description: |- Audit records can optionally be sent to one or more external syslog server(s). By default audit records are stored in the local database and will continue to do so even if syslog connections are configured. Each audit record will be sent to each configured syslog connection. +This resource is applicable to CipherTrust Manager only. + ## Example Usage ```terraform diff --git a/docs/resources/user.md b/docs/resources/user.md index 7439caa..ca672fb 100644 --- a/docs/resources/user.md +++ b/docs/resources/user.md 
@@ -8,7 +8,7 @@ description: |- # ciphertrust_user (Resource) - +This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS). ## Example Usage diff --git a/docs/resources/virtual_key.md b/docs/resources/virtual_key.md index 3e16c42..4308805 100644 --- a/docs/resources/virtual_key.md +++ b/docs/resources/virtual_key.md @@ -21,6 +21,8 @@ description: |- - Virtual key resource depends on following resources: - [ciphertrust_hsm_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/hsm_key) resource for Luna as key source. +This resource is applicable to CipherTrust Manager only. + ## Example Usage ```terraform diff --git a/examples/data-sources/ciphertrust_scheduler/data-source.tf b/examples/data-sources/ciphertrust_scheduler/data-source.tf new file mode 100644 index 0000000..91002cf --- /dev/null +++ b/examples/data-sources/ciphertrust_scheduler/data-source.tf @@ -0,0 +1,9 @@ +# Retrieve details using the scheduler's name +data "ciphertrust_scheduler" "scheduler_by_name" { + name = "Rotation Scheduler" +} + +# Retrieve details using the ID of the scheduler +data "ciphertrust_aws_key" "scheduler_by_id" { + id = "77b4acd3-80e4-4270-81b5-11bb13b8053a" +} diff --git a/examples/resources/ciphertrust_cm_key/resource.tf b/examples/resources/ciphertrust_cm_key/resource.tf index 5929600..299ea00 100644 --- a/examples/resources/ciphertrust_cm_key/resource.tf +++ b/examples/resources/ciphertrust_cm_key/resource.tf 
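Review bot: In the new `examples/data-sources/ciphertrust_scheduler/data-source.tf`, the second block is declared as `data "ciphertrust_aws_key" "scheduler_by_id"`, which looks like a copy-paste slip. The file is the scheduler data-source example and the comment above the block says it retrieves details using the ID of the scheduler. It should presumably read `data "ciphertrust_scheduler" "scheduler_by_id" {`. As written, anyone copying the example would pass a scheduler ID to the AWS key data source instead of looking up the schedule.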
@@ -5,16 +5,23 @@ resource "ciphertrust_cm_key" "cm_rsa_key" { key_size = 2048 } -# Create a secp384r1 EC key -resource "ciphertrust_cm_key" "cm_ec_key" { +# Create a 256 bit AES key +resource "ciphertrust_cm_key" "cm_aes_key" { name = "key-name" - algorithm = "EC" + algorithm = "AES" } -# Create a 256 bit AES key +# Create a 128 bit AES key resource "ciphertrust_cm_key" "cm_aes_key" { name = "key-name" algorithm = "AES" + key_size = 128 +} + +# Create a secp384r1 EC key +resource "ciphertrust_cm_key" "cm_ec_key" { + name = "key-name" + algorithm = "EC" } # Create a curve25519 EC key @@ -22,4 +29,4 @@ resource "ciphertrust_cm_key" "cm_ec_key" { name = "key-name" algorithm = "EC" curve = "curve25519" -} \ No newline at end of file +} diff --git a/sample-scripts/aws-cloudhsm-keys/main.tf b/sample-scripts/aws-cloudhsm-keys/main.tf index 64954bc..91e7e1a 100644 --- a/sample-scripts/aws-cloudhsm-keys/main.tf +++ b/sample-scripts/aws-cloudhsm-keys/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/create-native/ec/main.tf b/sample-scripts/aws-keys/create-native/ec/main.tf index 75e6587..67c19c8 100644 --- a/sample-scripts/aws-keys/create-native/ec/main.tf +++ b/sample-scripts/aws-keys/create-native/ec/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/create-native/rsa/main.tf b/sample-scripts/aws-keys/create-native/rsa/main.tf index 8063ee8..169968e 100644 --- a/sample-scripts/aws-keys/create-native/rsa/main.tf +++ b/sample-scripts/aws-keys/create-native/rsa/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } 
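Review bot: The added 256-bit AES block uses the label `cm_aes_key`, which the 128-bit block right after it also keeps, so the new side of `examples/resources/ciphertrust_cm_key/resource.tf` declares `ciphertrust_cm_key.cm_aes_key` twice. The two EC blocks share `cm_ec_key` in the same way. If the file is meant to be applied as one configuration, Terraform rejects duplicate resource addresses, so distinct labels are needed, e.g. `resource "ciphertrust_cm_key" "cm_aes_128_key" {`. Every block also uses `name = "key-name"`, which may collide on the server; the hunk does not show whether it does. Separately, the 256-bit example sets no `key_size` and relies on the provider default, so adding `key_size = 256` would state the intended key strength in the example itself.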
diff --git a/sample-scripts/aws-keys/create-native/symmetric/main.tf b/sample-scripts/aws-keys/create-native/symmetric/main.tf index 67f246f..f7d8909 100644 --- a/sample-scripts/aws-keys/create-native/symmetric/main.tf +++ b/sample-scripts/aws-keys/create-native/symmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/import/ciphertrust/main.tf b/sample-scripts/aws-keys/import/ciphertrust/main.tf index ad165e9..14a5c36 100644 --- a/sample-scripts/aws-keys/import/ciphertrust/main.tf +++ b/sample-scripts/aws-keys/import/ciphertrust/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/import/dsm/main.tf b/sample-scripts/aws-keys/import/dsm/main.tf index 45a8ad3..f8aec18 100644 --- a/sample-scripts/aws-keys/import/dsm/main.tf +++ b/sample-scripts/aws-keys/import/dsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/import/hsm-luna/main.tf b/sample-scripts/aws-keys/import/hsm-luna/main.tf index 8078d33..a77072a 100644 --- a/sample-scripts/aws-keys/import/hsm-luna/main.tf +++ b/sample-scripts/aws-keys/import/hsm-luna/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/key-rotation/ciphertrust/main.tf b/sample-scripts/aws-keys/key-rotation/ciphertrust/main.tf index ea42242..0a5a64c 100644 --- a/sample-scripts/aws-keys/key-rotation/ciphertrust/main.tf +++ b/sample-scripts/aws-keys/key-rotation/ciphertrust/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/key-rotation/dsm/main.tf b/sample-scripts/aws-keys/key-rotation/dsm/main.tf index 5e95ba5..53bcf75 100644 --- a/sample-scripts/aws-keys/key-rotation/dsm/main.tf +++ b/sample-scripts/aws-keys/key-rotation/dsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/key-rotation/hsm-luna/main.tf b/sample-scripts/aws-keys/key-rotation/hsm-luna/main.tf index 9f86309..f6bcc0d 100644 --- a/sample-scripts/aws-keys/key-rotation/hsm-luna/main.tf +++ b/sample-scripts/aws-keys/key-rotation/hsm-luna/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/key-synchronization/main.tf b/sample-scripts/aws-keys/key-synchronization/main.tf index 44a9937..e9475ea 100644 --- a/sample-scripts/aws-keys/key-synchronization/main.tf +++ b/sample-scripts/aws-keys/key-synchronization/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/policy-templates/main.tf b/sample-scripts/aws-keys/policy-templates/main.tf index 97ebc79..eff3fa7 100644 --- a/sample-scripts/aws-keys/policy-templates/main.tf +++ b/sample-scripts/aws-keys/policy-templates/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/upload/ciphertrust/main.tf b/sample-scripts/aws-keys/upload/ciphertrust/main.tf index dbf836f..6f423d0 100644 
--- a/sample-scripts/aws-keys/upload/ciphertrust/main.tf +++ b/sample-scripts/aws-keys/upload/ciphertrust/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/upload/dsm/main.tf b/sample-scripts/aws-keys/upload/dsm/main.tf index 986574e..bc2b46b 100644 --- a/sample-scripts/aws-keys/upload/dsm/main.tf +++ b/sample-scripts/aws-keys/upload/dsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-keys/upload/hsm-luna/main.tf b/sample-scripts/aws-keys/upload/hsm-luna/main.tf index 47d3c8d..9a4b105 100644 --- a/sample-scripts/aws-keys/upload/hsm-luna/main.tf +++ b/sample-scripts/aws-keys/upload/hsm-luna/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-xks/cm-as-key-source/linked-key/main.tf b/sample-scripts/aws-xks/cm-as-key-source/linked-key/main.tf index 3346de8..633a4f4 100644 --- a/sample-scripts/aws-xks/cm-as-key-source/linked-key/main.tf +++ b/sample-scripts/aws-xks/cm-as-key-source/linked-key/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-xks/cm-as-key-source/unlinked-key/main.tf b/sample-scripts/aws-xks/cm-as-key-source/unlinked-key/main.tf index c2b1907..7d6e2c4 100644 --- a/sample-scripts/aws-xks/cm-as-key-source/unlinked-key/main.tf +++ b/sample-scripts/aws-xks/cm-as-key-source/unlinked-key/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } 
diff --git a/sample-scripts/aws-xks/luna-as-key-source/linked-key/main.tf b/sample-scripts/aws-xks/luna-as-key-source/linked-key/main.tf index 5ad2885..5c31b91 100644 --- a/sample-scripts/aws-xks/luna-as-key-source/linked-key/main.tf +++ b/sample-scripts/aws-xks/luna-as-key-source/linked-key/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/aws-xks/luna-as-key-source/unlinked-key/main.tf b/sample-scripts/aws-xks/luna-as-key-source/unlinked-key/main.tf index 115b483..0f4065c 100644 --- a/sample-scripts/aws-xks/luna-as-key-source/unlinked-key/main.tf +++ b/sample-scripts/aws-xks/luna-as-key-source/unlinked-key/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/create-native/ec/main.tf b/sample-scripts/azure-keys/create-native/ec/main.tf index 1135f33..91f6223 100644 --- a/sample-scripts/azure-keys/create-native/ec/main.tf +++ b/sample-scripts/azure-keys/create-native/ec/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/create-native/hsm/main.tf b/sample-scripts/azure-keys/create-native/hsm/main.tf index 760641a..8b5f27a 100644 --- a/sample-scripts/azure-keys/create-native/hsm/main.tf +++ b/sample-scripts/azure-keys/create-native/hsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/create-native/rsa/main.tf b/sample-scripts/azure-keys/create-native/rsa/main.tf index 94bbb33..01d3d61 100644 --- a/sample-scripts/azure-keys/create-native/rsa/main.tf 
+++ b/sample-scripts/azure-keys/create-native/rsa/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/key-rotation/ciphertrust/main.tf b/sample-scripts/azure-keys/key-rotation/ciphertrust/main.tf index 9df670d..9739a7a 100644 --- a/sample-scripts/azure-keys/key-rotation/ciphertrust/main.tf +++ b/sample-scripts/azure-keys/key-rotation/ciphertrust/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/key-rotation/dsm/main.tf b/sample-scripts/azure-keys/key-rotation/dsm/main.tf index a5f7d51..2b82532 100644 --- a/sample-scripts/azure-keys/key-rotation/dsm/main.tf +++ b/sample-scripts/azure-keys/key-rotation/dsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/key-rotation/hsm-luna/main.tf b/sample-scripts/azure-keys/key-rotation/hsm-luna/main.tf index 5412bd5..55e52fd 100644 --- a/sample-scripts/azure-keys/key-rotation/hsm-luna/main.tf +++ b/sample-scripts/azure-keys/key-rotation/hsm-luna/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/key-rotation/native/main.tf b/sample-scripts/azure-keys/key-rotation/native/main.tf index decbbbf..d18dfe1 100644 --- a/sample-scripts/azure-keys/key-rotation/native/main.tf +++ b/sample-scripts/azure-keys/key-rotation/native/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } 
diff --git a/sample-scripts/azure-keys/key-synchronization/main.tf b/sample-scripts/azure-keys/key-synchronization/main.tf index fb89170..691f2f8 100644 --- a/sample-scripts/azure-keys/key-synchronization/main.tf +++ b/sample-scripts/azure-keys/key-synchronization/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/upload/ciphertrust/main.tf b/sample-scripts/azure-keys/upload/ciphertrust/main.tf index b7206af..80eeb03 100644 --- a/sample-scripts/azure-keys/upload/ciphertrust/main.tf +++ b/sample-scripts/azure-keys/upload/ciphertrust/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/upload/dsm/main.tf b/sample-scripts/azure-keys/upload/dsm/main.tf index cf5909f..bf9f453 100644 --- a/sample-scripts/azure-keys/upload/dsm/main.tf +++ b/sample-scripts/azure-keys/upload/dsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/upload/hsm-luna/main.tf b/sample-scripts/azure-keys/upload/hsm-luna/main.tf index e5fe1ee..c0b627c 100644 --- a/sample-scripts/azure-keys/upload/hsm-luna/main.tf +++ b/sample-scripts/azure-keys/upload/hsm-luna/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/azure-keys/upload/pfx/main.tf b/sample-scripts/azure-keys/upload/pfx/main.tf index f6353d3..4930b67 100644 --- a/sample-scripts/azure-keys/upload/pfx/main.tf +++ b/sample-scripts/azure-keys/upload/pfx/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/ciphertrust-domain-users/Step1-create-a-domain/main.tf b/sample-scripts/ciphertrust-domain-users/Step1-create-a-domain/main.tf index f97c178..1aa0ea9 100644 --- a/sample-scripts/ciphertrust-domain-users/Step1-create-a-domain/main.tf +++ b/sample-scripts/ciphertrust-domain-users/Step1-create-a-domain/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/ciphertrust-domain-users/Step2-create-a-domain-user-in-domain/main.tf b/sample-scripts/ciphertrust-domain-users/Step2-create-a-domain-user-in-domain/main.tf index fe97370..071ec8d 100644 --- a/sample-scripts/ciphertrust-domain-users/Step2-create-a-domain-user-in-domain/main.tf +++ b/sample-scripts/ciphertrust-domain-users/Step2-create-a-domain-user-in-domain/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/ciphertrust-domain-users/Step3-domain-user-login/main.tf b/sample-scripts/ciphertrust-domain-users/Step3-domain-user-login/main.tf index 7955f55..321e0cd 100644 --- a/sample-scripts/ciphertrust-domain-users/Step3-domain-user-login/main.tf +++ b/sample-scripts/ciphertrust-domain-users/Step3-domain-user-login/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/connections/aws/main.tf b/sample-scripts/connections/aws/main.tf index 5b72e4b..8d3b571 100644 --- a/sample-scripts/connections/aws/main.tf +++ b/sample-scripts/connections/aws/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/connections/azure/main.tf b/sample-scripts/connections/azure/main.tf index dabf4ed..c9c9892 100644 --- a/sample-scripts/connections/azure/main.tf +++ b/sample-scripts/connections/azure/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/connections/dsm/main.tf b/sample-scripts/connections/dsm/main.tf index a2246ee..b1db3c3 100644 --- a/sample-scripts/connections/dsm/main.tf +++ b/sample-scripts/connections/dsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/connections/google/main.tf b/sample-scripts/connections/google/main.tf index cd37ef0..9133246 100644 --- a/sample-scripts/connections/google/main.tf +++ b/sample-scripts/connections/google/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/connections/luna-hsm/main.tf b/sample-scripts/connections/luna-hsm/main.tf index 271ad7a..77d39e2 100644 --- a/sample-scripts/connections/luna-hsm/main.tf +++ b/sample-scripts/connections/luna-hsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/data-sources/aws-key/main.tf b/sample-scripts/data-sources/aws-key/main.tf index 4d6b03c..d37bee0 100644 --- a/sample-scripts/data-sources/aws-key/main.tf +++ b/sample-scripts/data-sources/aws-key/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/data-sources/azure-connection/main.tf b/sample-scripts/data-sources/azure-connection/main.tf index 6083738..e8d7f68 100644 --- a/sample-scripts/data-sources/azure-connection/main.tf +++ b/sample-scripts/data-sources/azure-connection/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/data-sources/azure-key/main.tf b/sample-scripts/data-sources/azure-key/main.tf index 19b949f..5e5e754 100644 --- a/sample-scripts/data-sources/azure-key/main.tf +++ b/sample-scripts/data-sources/azure-key/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/data-sources/google-connection/main.tf b/sample-scripts/data-sources/google-connection/main.tf index b458b99..8ba66a1 100644 --- a/sample-scripts/data-sources/google-connection/main.tf +++ b/sample-scripts/data-sources/google-connection/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/data-sources/google-key/main.tf b/sample-scripts/data-sources/google-key/main.tf index 8828c6a..c8369ef 100644 --- a/sample-scripts/data-sources/google-key/main.tf +++ b/sample-scripts/data-sources/google-key/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/data-sources/google-keyring/main.tf b/sample-scripts/data-sources/google-keyring/main.tf index 2dbd842..50e47f3 100644 
--- a/sample-scripts/data-sources/google-keyring/main.tf +++ b/sample-scripts/data-sources/google-keyring/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/data-sources/scheduler/README.md b/sample-scripts/data-sources/scheduler/README.md new file mode 100644 index 0000000..dc8bacf --- /dev/null +++ b/sample-scripts/data-sources/scheduler/README.md 
@@ -0,0 +1,106 @@
+# Schedule Rotation of Azure Keys using a HSM-Luna as the Key Source
+
+This example shows how to:
+- Create a connection to Azure
+- Configure a scheduled rotation job for Azure keys using a HSM-Luna as the key source
+- Use the scheduler datasource to retrieve scheduler details to be used in the next step
+- Create an Azure key that will be rotated by the scheduler
+
+The following steps explain how to:
+- Configure CipherTrust Manager Provider parameters required to run the examples
+- Configure Azure parameters required to create Azure keys
+- Configure HSM-Luna parameters required to create HSM-Luna keys
+- Run the example
+
+## Configure CipherTrust Manager
+
+### Use environment variables
+
+```bash
+export CM_ADDRESS=https://cm-address
+export CM_USERNAME=cm-username
+export CM_PASSWORD=cm-password
+export CM_DOMAIN=cm-domain
+```
+### Use a configuration file
+
+Create a ~/.ciphertrust/config file and configure these keys with your values
+
+```bash
+address = https://cm-address
+username = cm-username
+password = cm-password
+domain = cm-domain
+```
+
+### Edit the provider block in main.tf
+
+```bash
+provider "ciphertrust" {
+ address = "https://cm-address"
+ username = "cm-username"
+ password = "cm-password"
+ domain = "cm-domain"
+}
+```
+
+## Configure Azure Credentials
+
+### Use environment variables
+
+```bash
+export ARM_CLIENT_ID=client-id
+export ARM_CLIENT_SECRET=client-secret
+export ARM_TENANT_ID=tenant-id
+```
+
+### Edit the connection resource in main.tf
+
+```bash
+resource "ciphertrust_azure_connection" "azure_connection" {
+ name = "azure-connection"
+ client_id = "client-id"
+ client_secret = "client-secret"
+ tenant_id = "tenant-id"
+}
+```
+
+## Configure Azure Vaults
+
+### Configure for all Azure examples
+
+Update values in scripts/azure_vars.sh and run the script.
+
+This updates all azure_vars.tf files found in the subdirectories.
+
+### Configure for this example only
+
+Edit azure_vars.tf in this directory and update with your values.
+
+## Configure HSM-Luna Credentials and Partitions
+
+### Configure for all HSM-Luna examples
+
+Update values in scripts/hsm_vars.sh and run the script.
+
+This updates all hsm_vars.tf files found in the subdirectories.
+
+### Configure for this example only
+
+Edit hsm_vars.tf in this directory and update with your values.
+
+## Run the Example
+
+```bash
+terraform init
+terraform apply
+```
+
+## Delete the Resources
+
+Resources must be destroyed before another sample script using the same clouds is run.
+
+```bash
+terraform destroy
+```
+It's important to run this step even if the apply step fails.
diff --git a/sample-scripts/data-sources/scheduler/azure_vars.tf b/sample-scripts/data-sources/scheduler/azure_vars.tf
new file mode 100644
index 0000000..14ce72c
--- /dev/null
+++ b/sample-scripts/data-sources/scheduler/azure_vars.tf
@@ -0,0 +1,4 @@
+variable "vault_name" {
+ type = string
+ default = "azure-premium-vault-name"
+}
diff --git a/sample-scripts/data-sources/scheduler/hsm_vars.tf b/sample-scripts/data-sources/scheduler/hsm_vars.tf
new file mode 100644
index 0000000..83b0b8f
--- /dev/null
+++ b/sample-scripts/data-sources/scheduler/hsm_vars.tf
@@ -0,0 +1,24 @@
+variable "hsm_certificate" {
+ type = string
+ default = "hsm-server-cert-path"
+}
+
+variable "hsm_hostname" {
+ type = string
+ default = "hsm-hostname"
+}
+
+variable "hsm_partition_password" {
+ type = string
+ default = "hsm-partition-password"
+}
+
+variable "hsm_partition_label" {
+ type = string
+ default = "hsm-partition-label"
+}
+
+variable "hsm_partition_serial_number" {
+ type = string
+ default = "hsm-partition-sn"
+}
\ No newline at end of file
diff --git a/sample-scripts/data-sources/scheduler/main.tf b/sample-scripts/data-sources/scheduler/main.tf
new file mode 100644
index 0000000..fc9a30b
--- /dev/null
+++ b/sample-scripts/data-sources/scheduler/main.tf
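Review bot: `variable "hsm_partition_password"` in the new hsm_vars.tf is a plain `string` with a placeholder default, so Terraform treats the HSM partition password as ordinary data and can echo it in plan and apply output. The README added in the same commit tells users to edit hsm_vars.tf with their own values, which puts the real password into a tracked file. I would replace `default = "hsm-partition-password"` with `sensitive = true`, so the value has to come from `TF_VAR_hsm_partition_password` or an untracked `.tfvars` file; scripts/hsm_vars.sh is not visible here and may need the matching change. The password most likely still reaches the state file through `partition_password` on the connection resource, so the state backend needs access control as well.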
@@ -0,0 +1,99 @@
+terraform {
+ required_providers {
+ ciphertrust = {
+ source = "ThalesGroup/ciphertrust"
+ version = "0.10.3-beta"
+ }
+ }
+}
+
+provider "ciphertrust" {}
+
+resource "random_id" "random" {
+ byte_length = 8
+}
+
+locals {
+ azure_connection_name = "azure-connection-${lower(random_id.random.hex)}"
+ hsm_connection_name = "hsm-connection-${lower(random_id.random.hex)}"
+ key_name = "hsm-rotation-${lower(random_id.random.hex)}"
+ rotation_job_name = "azure-hsm-${lower(random_id.random.hex)}"
+}
+
+# Create an Azure connection
+resource "ciphertrust_azure_connection" "azure_connection" {
+ name = local.azure_connection_name
+}
+
+# Get Azure subscription
+data "ciphertrust_azure_account_details" "subscriptions" {
+ azure_connection = ciphertrust_azure_connection.azure_connection.name
+}
+
+# Add a vault
+resource "ciphertrust_azure_vault" "azure_vault" {
+ azure_connection = ciphertrust_azure_connection.azure_connection.name
+ subscription_id = data.ciphertrust_azure_account_details.subscriptions.subscription_id
+ name = var.vault_name
+}
+
+# Create a HSM-Luna network server
+resource "ciphertrust_hsm_server" "hsm_server" {
+ hostname = var.hsm_hostname
+ hsm_certificate = var.hsm_certificate
+}
+
+# Create a HSM-Luna connection
+resource "ciphertrust_hsm_connection" "hsm_connection" {
+ hostname = var.hsm_hostname
+ server_id = ciphertrust_hsm_server.hsm_server.id
+ name = local.hsm_connection_name
+ partitions {
+ partition_label = var.hsm_partition_label
+ serial_number = var.hsm_partition_serial_number
+ }
+ partition_password = var.hsm_partition_password
+}
+
+# Add a partition to connection
+resource "ciphertrust_hsm_partition" "hsm_partition" {
+ hsm_connection = ciphertrust_hsm_connection.hsm_connection.id
+}
+
+# Create scheduled rotation job to run every Saturday at 9 am
+resource "ciphertrust_scheduler" "rotation_job" {
+ cckm_key_rotation_params {
+ cloud_name = "AzureCloud"
+ }
+ name = local.rotation_job_name
+ operation =
"cckm_key_rotation" + run_at = "0 9 * * sat" + run_on = "any" +} +output "rotation_job" { + value = ciphertrust_scheduler.rotation_job +} + +# Retrieve details using the scheduler's name +data "ciphertrust_scheduler" "rotation_scheduler" { + name = ciphertrust_scheduler.rotation_job.name +} +output "rotation_scheduler" { + value = data.ciphertrust_scheduler.rotation_scheduler +} + +# Create an RSA key with scheduled rotation +resource "ciphertrust_azure_key" "azure_key" { + enable_rotation { + hsm_partition_id = ciphertrust_hsm_partition.hsm_partition.id + job_config_id = data.ciphertrust_scheduler.rotation_scheduler.id + key_source = "hsm-luna" + } + key_type = "RSA-HSM" + name = local.key_name + key_size = 2048 + vault = ciphertrust_azure_vault.azure_vault.id +} +output "key" { + value = ciphertrust_azure_key.azure_key +} diff --git a/sample-scripts/google-ekm-endpoints/main.tf b/sample-scripts/google-ekm-endpoints/main.tf index 631389d..e2a662b 100644 --- a/sample-scripts/google-ekm-endpoints/main.tf +++ b/sample-scripts/google-ekm-endpoints/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "thales.com/terraform/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keyring-acls/groups/main.tf b/sample-scripts/google-keyring-acls/groups/main.tf index 3b9c3df..579ac90 100644 --- a/sample-scripts/google-keyring-acls/groups/main.tf +++ b/sample-scripts/google-keyring-acls/groups/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keyring-acls/users/main.tf b/sample-scripts/google-keyring-acls/users/main.tf index 48acb99..79c62ee 100644 --- a/sample-scripts/google-keyring-acls/users/main.tf +++ b/sample-scripts/google-keyring-acls/users/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/add-versions/ciphertrust/asymmetric/main.tf b/sample-scripts/google-keys/add-versions/ciphertrust/asymmetric/main.tf index a0e3043..fa57246 100644 --- a/sample-scripts/google-keys/add-versions/ciphertrust/asymmetric/main.tf +++ b/sample-scripts/google-keys/add-versions/ciphertrust/asymmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/add-versions/ciphertrust/symmetric/main.tf b/sample-scripts/google-keys/add-versions/ciphertrust/symmetric/main.tf index 02df007..7ab5c1c 100644 --- a/sample-scripts/google-keys/add-versions/ciphertrust/symmetric/main.tf +++ b/sample-scripts/google-keys/add-versions/ciphertrust/symmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/add-versions/dsm/asymmetric/main.tf b/sample-scripts/google-keys/add-versions/dsm/asymmetric/main.tf index 1410626..d9d770e 100644 --- a/sample-scripts/google-keys/add-versions/dsm/asymmetric/main.tf +++ b/sample-scripts/google-keys/add-versions/dsm/asymmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/add-versions/dsm/symmetric/main.tf b/sample-scripts/google-keys/add-versions/dsm/symmetric/main.tf index 35afc55..cb2991c 100644 --- a/sample-scripts/google-keys/add-versions/dsm/symmetric/main.tf +++ b/sample-scripts/google-keys/add-versions/dsm/symmetric/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/add-versions/hsm-luna/asymmetric/main.tf b/sample-scripts/google-keys/add-versions/hsm-luna/asymmetric/main.tf index 8e738f3..d25f7cf 100644 --- a/sample-scripts/google-keys/add-versions/hsm-luna/asymmetric/main.tf +++ b/sample-scripts/google-keys/add-versions/hsm-luna/asymmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/add-versions/native/asymmetric/main.tf b/sample-scripts/google-keys/add-versions/native/asymmetric/main.tf index 1713ecb..b2a62d4 100644 --- a/sample-scripts/google-keys/add-versions/native/asymmetric/main.tf +++ b/sample-scripts/google-keys/add-versions/native/asymmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/add-versions/native/symmetric/main.tf b/sample-scripts/google-keys/add-versions/native/symmetric/main.tf index a2b5ebe..e6ba99c 100644 --- a/sample-scripts/google-keys/add-versions/native/symmetric/main.tf +++ b/sample-scripts/google-keys/add-versions/native/symmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/create-native/asymmetric/main.tf b/sample-scripts/google-keys/create-native/asymmetric/main.tf index e65480f..580eefa 100644 --- a/sample-scripts/google-keys/create-native/asymmetric/main.tf +++ b/sample-scripts/google-keys/create-native/asymmetric/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/create-native/symmetric/main.tf b/sample-scripts/google-keys/create-native/symmetric/main.tf index 807ef18..9d5b35e 100644 --- a/sample-scripts/google-keys/create-native/symmetric/main.tf +++ b/sample-scripts/google-keys/create-native/symmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/key-rotation/ciphertrust/main.tf b/sample-scripts/google-keys/key-rotation/ciphertrust/main.tf index bdbdc23..62acee7 100644 --- a/sample-scripts/google-keys/key-rotation/ciphertrust/main.tf +++ b/sample-scripts/google-keys/key-rotation/ciphertrust/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/key-rotation/dsm/main.tf b/sample-scripts/google-keys/key-rotation/dsm/main.tf index 4be584f..b193a30 100644 --- a/sample-scripts/google-keys/key-rotation/dsm/main.tf +++ b/sample-scripts/google-keys/key-rotation/dsm/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/key-rotation/hsm-luna/main.tf b/sample-scripts/google-keys/key-rotation/hsm-luna/main.tf index 6d40396..adcb93c 100644 --- a/sample-scripts/google-keys/key-rotation/hsm-luna/main.tf +++ b/sample-scripts/google-keys/key-rotation/hsm-luna/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } 
diff --git a/sample-scripts/google-keys/key-rotation/native/main.tf b/sample-scripts/google-keys/key-rotation/native/main.tf index 416891d..d0fcfc1 100644 --- a/sample-scripts/google-keys/key-rotation/native/main.tf +++ b/sample-scripts/google-keys/key-rotation/native/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/key-synchronization/main.tf b/sample-scripts/google-keys/key-synchronization/main.tf index cc62891..eab479c 100644 --- a/sample-scripts/google-keys/key-synchronization/main.tf +++ b/sample-scripts/google-keys/key-synchronization/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/upload/ciphertrust/asymmetric/main.tf b/sample-scripts/google-keys/upload/ciphertrust/asymmetric/main.tf index 3c0df34..465f61d 100644 --- a/sample-scripts/google-keys/upload/ciphertrust/asymmetric/main.tf +++ b/sample-scripts/google-keys/upload/ciphertrust/asymmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/upload/ciphertrust/symmetric/main.tf b/sample-scripts/google-keys/upload/ciphertrust/symmetric/main.tf index e7304b1..15bbe35 100644 --- a/sample-scripts/google-keys/upload/ciphertrust/symmetric/main.tf +++ b/sample-scripts/google-keys/upload/ciphertrust/symmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/upload/dsm/asymmetric/main.tf b/sample-scripts/google-keys/upload/dsm/asymmetric/main.tf index 326a304..3132c2e 100644 
--- a/sample-scripts/google-keys/upload/dsm/asymmetric/main.tf +++ b/sample-scripts/google-keys/upload/dsm/asymmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/upload/dsm/symmetric/main.tf b/sample-scripts/google-keys/upload/dsm/symmetric/main.tf index b2db699..9859e7d 100644 --- a/sample-scripts/google-keys/upload/dsm/symmetric/main.tf +++ b/sample-scripts/google-keys/upload/dsm/symmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-keys/upload/hsm-luna/asymmetric/main.tf b/sample-scripts/google-keys/upload/hsm-luna/asymmetric/main.tf index 43d2e63..425c695 100644 --- a/sample-scripts/google-keys/upload/hsm-luna/asymmetric/main.tf +++ b/sample-scripts/google-keys/upload/hsm-luna/asymmetric/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-workspace-cse/cse-endpoint/main.tf b/sample-scripts/google-workspace-cse/cse-endpoint/main.tf index 278f62a..ef25b8a 100644 --- a/sample-scripts/google-workspace-cse/cse-endpoint/main.tf +++ b/sample-scripts/google-workspace-cse/cse-endpoint/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/google-workspace-cse/cse-identity/main.tf b/sample-scripts/google-workspace-cse/cse-identity/main.tf index 65f85d3..ae5fb61 100644 --- a/sample-scripts/google-workspace-cse/cse-identity/main.tf +++ b/sample-scripts/google-workspace-cse/cse-identity/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/policies/cloud-key-manager/aws/allow-kms-add/main.tf b/sample-scripts/policies/cloud-key-manager/aws/allow-kms-add/main.tf index 88e2236..65643ca 100644 --- a/sample-scripts/policies/cloud-key-manager/aws/allow-kms-add/main.tf +++ b/sample-scripts/policies/cloud-key-manager/aws/allow-kms-add/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/policies/cloud-key-manager/azure/allow-vault-add/main.tf b/sample-scripts/policies/cloud-key-manager/azure/allow-vault-add/main.tf index 771bbde..1aa2501 100644 --- a/sample-scripts/policies/cloud-key-manager/azure/allow-vault-add/main.tf +++ b/sample-scripts/policies/cloud-key-manager/azure/allow-vault-add/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/policies/cloud-key-manager/deny-cmkey-export/main.tf b/sample-scripts/policies/cloud-key-manager/deny-cmkey-export/main.tf index fa4cd69..13360f0 100644 --- a/sample-scripts/policies/cloud-key-manager/deny-cmkey-export/main.tf +++ b/sample-scripts/policies/cloud-key-manager/deny-cmkey-export/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/policies/cloud-key-manager/google/allow-keyring-create/main.tf b/sample-scripts/policies/cloud-key-manager/google/allow-keyring-create/main.tf index c5d94f0..343f2e4 100644 --- a/sample-scripts/policies/cloud-key-manager/google/allow-keyring-create/main.tf +++ b/sample-scripts/policies/cloud-key-manager/google/allow-keyring-create/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/practical-examples/aws_s3_bucket/main.tf b/sample-scripts/practical-examples/aws_s3_bucket/main.tf index f3de63f..1f0b015 100644 --- a/sample-scripts/practical-examples/aws_s3_bucket/main.tf +++ b/sample-scripts/practical-examples/aws_s3_bucket/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/practical-examples/azure_storage_account/main.tf b/sample-scripts/practical-examples/azure_storage_account/main.tf index e10c8d0..c9ca0d2 100644 --- a/sample-scripts/practical-examples/azure_storage_account/main.tf +++ b/sample-scripts/practical-examples/azure_storage_account/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } } } diff --git a/sample-scripts/practical-examples/cluster/main.tf b/sample-scripts/practical-examples/cluster/main.tf index a955dcb..2c45d0d 100644 --- a/sample-scripts/practical-examples/cluster/main.tf +++ b/sample-scripts/practical-examples/cluster/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { ciphertrust = { source = "ThalesGroup/ciphertrust" - version = ".10.1-beta" + version = "0.10.3-beta" } aws = {