ThalesGroup/ciphertrust provider: External key store consistently enters disconnected state #10

Open
anuj1366 opened this issue Apr 25, 2024 · 0 comments


We're currently creating an external key store in the account using the Terraform "ThalesGroup/ciphertrust" provider. However, upon creation, it consistently enters a disconnected state. We've thoroughly reviewed our CloudTrail logs and found no events indicating an attempt to establish a connection.

We have followed the configuration based on the Terraform documentation, and everything seems to be set up correctly on our end. However, the provider is not entering a connected state automatically as expected.

Could you please investigate on your end or reach out to the ThalesGroup/ciphertrust team to determine if there are any restrictions preventing it from entering a connected state?

Steps to Reproduce

  1. Deploy ThalesGroup/ciphertrust provider using Terraform.
  2. Observe that the external key store consistently enters a disconnected state.
  3. Review CloudTrail logs for any relevant events.

Expected Behavior

The ThalesGroup/ciphertrust provider should automatically establish a connection to the external key store upon creation, without requiring manual intervention.

Additional Information

  • Terraform version: 1.5
  • CipherTrust Manager version: 2.14.0+10829
  • crypto version: 1.7.0
  • Cloud provider: AWS

terraform {
  required_providers {
    ciphertrust = {
      source  = "ThalesGroup/ciphertrust"
      version = "0.10.0-beta"
    }
  }
}

resource "ciphertrust_aws_custom_keystore" "linked_xks_custom_keystore_for_cm_as_source" {
  for_each                    = var.cks
  name                        = format("CKS_%s_%s_%s", var.accountid, var.region, each.key)
  region                      = var.region
  kms                         = var.kms
  linked_state                = true
  connect_disconnect_keystore = "CONNECT_KEYSTORE"
  local_hosted_params {
    blocked             = false
    health_check_key_id = var.ciphertrustcmkey
    max_credentials     = 8
    source_key_tier     = "local"
  }
  aws_param {
    xks_proxy_vpc_endpoint_service_name = each.value.endpoint_details.service_name
    xks_proxy_connectivity              = "VPC_ENDPOINT_SERVICE"
    custom_key_store_type               = "EXTERNAL_KEY_STORE"
    xks_proxy_uri_endpoint              = format("https://%s", each.value.endpoint_details.private_dns_name)
  }
}
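
A triage sketch for the symptom reported above, as an added example that is not part of the original issue or the provider's code: it correlates an AWS KMS DescribeCustomKeyStores response with CloudTrail records to separate a key store for which ConnectCustomKeyStore was never called from one where the call was accepted and the connection then failed. The function name, verdict strings, IDs and events are all constructed, and the CloudTrail `requestParameters` field casing is an assumption.

```python
import json

# Constructed sample data (not from the issue). Shapes follow the AWS KMS
# DescribeCustomKeyStores response and CloudTrail management-event records.
KEYSTORES = json.loads("""{"CustomKeyStores": [
  {"CustomKeyStoreId": "cks-EXAMPLE1", "CustomKeyStoreName": "CKS_example_a",
   "CustomKeyStoreType": "EXTERNAL_KEY_STORE", "ConnectionState": "DISCONNECTED"},
  {"CustomKeyStoreId": "cks-EXAMPLE2", "CustomKeyStoreName": "CKS_example_b",
   "CustomKeyStoreType": "EXTERNAL_KEY_STORE", "ConnectionState": "FAILED",
   "ConnectionErrorCode": "XKS_PROXY_NOT_REACHABLE"}]}""")

# Assumption: requestParameters uses camelCase keys, as CloudTrail usually does.
TRAIL = json.loads("""{"Records": [
  {"eventSource": "kms.amazonaws.com", "eventName": "CreateCustomKeyStore",
   "requestParameters": {"customKeyStoreName": "CKS_example_a"}},
  {"eventSource": "kms.amazonaws.com", "eventName": "CreateCustomKeyStore",
   "requestParameters": {"customKeyStoreName": "CKS_example_b"}},
  {"eventSource": "kms.amazonaws.com", "eventName": "ConnectCustomKeyStore",
   "requestParameters": {"customKeyStoreId": "cks-EXAMPLE2"}}]}""")


def triage(keystores, trail):
    """Map key store ID -> (verdict, ConnectionErrorCode or None)."""
    connects = {}
    for rec in trail.get("Records", []):
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue
        if rec.get("eventName") != "ConnectCustomKeyStore":
            continue
        ks_id = (rec.get("requestParameters") or {}).get("customKeyStoreId")
        connects.setdefault(ks_id, []).append(rec)

    report = {}
    for ks in keystores.get("CustomKeyStores", []):
        ks_id, state = ks["CustomKeyStoreId"], ks["ConnectionState"]
        calls = connects.get(ks_id, [])
        if state == "CONNECTED":
            verdict = "connected"
        elif not calls:
            verdict = "connect-never-requested"   # no API call was recorded
        elif all(c.get("errorCode") for c in calls):
            verdict = "connect-call-rejected"     # every call returned an error
        else:
            # The call is asynchronous: it was accepted, the connection failed later.
            verdict = "connect-accepted-but-" + state.lower()
        report[ks_id] = (verdict, ks.get("ConnectionErrorCode"))
    return report


if __name__ == "__main__":
    for ks_id, result in triage(KEYSTORES, TRAIL).items():
        print(ks_id, *result)
```
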