# SOME DESCRIPTIVE TITLE. # Copyright (C) 2015, Barbican Developers # This file is distributed under the same license as the Barbican Release Notes package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: Barbican Release Notes \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-04-23 15:48+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../../:61 msgid "" "(For deployments overriding default policies) After upgrading, please review " "Barbican policy files and ensure that you port any rules tied to `order:put` " "are remapped to `orders:put`." msgstr "" #: ../../:5 msgid "1.0.0-5" msgstr "" #: ../../:132 msgid "10.0.0" msgstr "" #: ../../:55 msgid "10.1.0" msgstr "" #: ../../:5 msgid "10.1.0-15" msgstr "" #: ../../:116 msgid "11.0.0" msgstr "" #: ../../:5 msgid "11.0.0-23" msgstr "" #: ../../:69 msgid "12.0.0" msgstr "" #: ../../:5 msgid "12.0.1" msgstr "" #: ../../:58 msgid "13.0.0" msgstr "" #: ../../:5 msgid "13.0.1" msgstr "" #: ../../:5 msgid "14.0.0" msgstr "" #: ../../:5 msgid "17.0.0" msgstr "" #: ../../:5 msgid "2.0.0" msgstr "" #: ../../:5 msgid "3.0.0" msgstr "" #: ../../:5 msgid "4.0.0" msgstr "" #: ../../:5 msgid "5.0.0" msgstr "" #: ../../:53 msgid "6.0.0" msgstr "" #: ../../:5 msgid "6.0.1-12" msgstr "" #: ../../:34 msgid "7.0.0" msgstr "" #: ../../:5 msgid "7.0.0-17" msgstr "" #: ../../:5 msgid "8.0.0" msgstr "" #: ../../:5 msgid "9.0.1-21" msgstr "" #: ../../:34 stable/ussuri>:84 stable/victoria>:34 #: stable/wallaby>:98 msgid "" "A new \"token_labels\" option has been added to the PKCS#11 driver which " "supersedes the previous \"token_label\" option. The new option is used to " "specify a list of tokens that can be used by Barbican. This is required for " "some HSM devices that use separate tokens for load balancing. For most use " "cases the new option will just have a single token. The old option is " "deprecated, but will still be used if present." msgstr "" #: ../../:28 stable/ussuri>:78 stable/victoria>:28 #: stable/wallaby>:92 msgid "" "Added a new boolean option to the PKCS#11 backend: `os_locking_ok`. When " "set to True, the flag CKF_OS_LOCKING_OK will be passed to the C_Initialize " "function. The new option defaults to False." msgstr "" #: ../../:14 stable/rocky>:43 msgid "" "Added new options to the PKCS#11 Cryptographic Plugin configuration to " "enable the use of different encryption and hmac mechanisms. Added support " "for `CKM_AES_CBC` encryption in the PKCS#11 Cryptographic Plugin." msgstr "" #: ../../:14 msgid "Added new tool ``barbican-status upgrade check``." msgstr "" #: ../../:24 msgid "" "Added two new subcommands to `barbican-manage hsm` that can query the HSM to " "check if a MKEK or HMAC key with the given label already exists. See " "`barbican-manage hsm check_mkek --help` and `barbican-manage hsm check_hmac " "--help` for details." msgstr "" #: ../../:14 stable/ussuri>:64 stable/victoria>:14 #: stable/wallaby>:78 msgid "" "Added two options for the PKCS#11 Crypto Plugin: `[p11_crypto_plugin]/" "token_serial_number` and `[p11_crypto_plugin]/token_label`. Both are " "optional and can be used instead of `[p11_crypto_plugin]/slot_id` to " "identify the Token to be used by the PKCS#11 plugin. When either one of the " "new options is defined the plugin will search all slots on the PKCS#11 " "device for a token that matches the given value. `token_serial_number` has " "the highest precendence and other values will be ignored when this value is " "set. If `token_serial_number` is not set, then `token_label` has the next " "highest precedence and `slot_id` will be ignored. `slot_id` will be used " "when neither one of the new options is set." msgstr "" #: ../../:41 stable/rocky>:22 stable/rocky>:81 #: stable/stein>:68 stable/train>:89 stable/ussuri>:38 stable/ussuri>:117 #: stable/victoria>:89 stable/victoria>:135 stable/wallaby>:47 #: stable/wallaby>:295 stable/xena>:36 stable/xena>:74 unmaintained/yoga>:36 msgid "Bug Fixes" msgstr "" #: ../../:85 msgid "" "By default barbican checks only the algorithm and the bit_length when " "creating a new secret. The xts-mode cuts the key in half for aes, so for " "using aes-256 with xts, you have to use a 512 bit key, but barbican allows " "only a maximum of 256 bit. A check for the mode within the " "_is_algorithm_supported method of the class SimpleCryptoPlugin was added to " "allow 512 bit keys for aes-xts in this plugin." msgstr "" #: ../../:76 msgid "CAs" msgstr "" #: ../../:72 msgid "Certificate Orders" msgstr "" #: ../../:86 msgid "Critical Issues" msgstr "" #: ../../:125 msgid "" "Default for auto_db_create has been changed to False (was True). This is a " "change compared to the previous behavior, but required to protect production " "deployments from performing upgrades without control. If you wish to keep " "the auto db creation/upgrade behavior, change this to True in your " "configuration." msgstr "" #: ../../:33 stable/rocky>:14 stable/stein>:60 msgid "" "Deprecated the `generate_iv` option name. It has been renamed to " "`aes_gcm_generate_iv` to reflect the fact that it only applies to the " "CKM_AES_GCM mechanism." msgstr "" #: ../../:27 stable/rocky>:73 msgid "" "Deprecated the `p11_crypto_plugin:algoritm` option. Users should update " "their configuration to use `p11_crypto_plugin:encryption_mechanism` instead." msgstr "" #: ../../:68 stable/pike>:21 #: stable/queens>:23 stable/queens>:68 stable/rocky>:10 stable/rocky>:69 #: stable/stein>:56 stable/train>:60 stable/ussuri>:105 stable/victoria>:60 #: stable/wallaby>:173 msgid "Deprecation Notes" msgstr "" #: ../../:126 stable/victoria>:139 msgid "Fixed Story # 2007732: Migrations broken on MySQL 8.x." msgstr "" #: ../../:45 stable/rocky>:26 stable/stein>:72 msgid "" "Fixed Story #2004734: Added a new option `always_set_cka_sensitive` to fix " "a regression that affected Safenet HSMs. The option defaults to `True` as " "required by Safenet HSMs. Other HSMs may require it be set to `False`." msgstr "" #: ../../:78 msgid "" "Fixed Story #2004734: Added a new option 'hmac_keywrap_mechanism' to make " "the mechanism used to calculate a HMAC from an wrapped PKEK configurable. " "This was introduced because of an problem with Utimaco HSMs which throw an " "'CKR_MECHANISM_INVALID' error, e.g. when a new PKEK is generated. For " "Utimaco HSMs, 'hmac_keywrap_mechanism' should be set to 'CKM_AES_MAC' in " "barbican.conf." msgstr "" #: ../../:93 stable/wallaby>:299 msgid "" "Fixed Story #2006978: An admin user now can delete other users secrets by " "adjust the policy file." msgstr "" #: ../../:93 stable/ussuri>:121 #: stable/victoria>:98 stable/wallaby>:304 msgid "" "Fixed Story #2008649: Correctly reinitialize PKCS11 object after secondary " "failures." msgstr "" #: ../../:98 stable/ussuri>:42 #: stable/victoria>:103 stable/wallaby>:51 stable/xena>:40 #: unmaintained/yoga>:40 msgid "" "Fixed Story #2009247 - Fixed the response for POST /v1/secrets/{secret-id}/" "metadata so it matches the documented behavior." msgstr "" #: ../../:104 stable/ussuri>:48 #: stable/victoria>:109 stable/wallaby>:62 stable/xena>:51 #: unmaintained/yoga>:51 msgid "" "Fixed Story #2009672 - Fixed validator for Container Consumers to prevent " "500 errors." msgstr "" #: ../../:76 stable/ussuri>:25 stable/victoria>:76 #: stable/wallaby>:34 stable/xena>:23 unmaintained/yoga>:23 msgid "" "Fixed Story #2009791: Users with the \"creator\" role on a project can now " "delete secrets owned by the project even if the user is different than the " "user that originally created the secret. Previous to this fix a user with " "the \"creator\" role was only allowed to delete a secret owned by the " "project if they were also the same user that originally created, which was " "inconsistent with the way that deletes are handled by other OpenStack " "projects that integrate with Barbican. This change does not affect private " "secrets (i.e. secrets with the \"project-access\" flag set to \"false\")." msgstr "" #: ../../:48 msgid "" "Fixed Story #2010258: Fixes a security vulnerability where the contents of " "a request query string were mistakenly being used in the RBAC policy engine." msgstr "" #: ../../:78 msgid "" "Fixed Story 2008335: Fixed a data encoding issue in the Hashicorp Vault " "backend that was causing errors when retrieving keys that were generated by " "the Vault Key Manager in Castellan." msgstr "" #: ../../:57 stable/xena>:46 #: unmaintained/yoga>:46 msgid "" "Fixed Story 2009664 - Fixed the Consumer controller to be able to use the " "associated Container's ownership information in policy checks." msgstr "" #: ../../:94 msgid "" "Fixed the response code for invalid subroutes for individual secrets. The " "API was previously responding with the incorrect code \"406 - Method not " "allowed\", but now responds correctly with \"404 - Not Found\"." msgstr "" #: ../../:60 origin/stable/mitaka>:90 msgid "" "If you are upgrading from previous version of barbican that uses the PKCS#11 " "Cryptographic Plugin driver, you will need to run the migration script" msgstr "" #: ../../:111 msgid "Implement secure-rbac for consumers resource." msgstr "" #: ../../:115 msgid "Implement secure-rbac for containers resource." msgstr "" #: ../../:119 msgid "Implement secure-rbac for orders resource." msgstr "" #: ../../:123 msgid "Implement secure-rbac for quotas resource." msgstr "" #: ../../:127 msgid "Implement secure-rbac for secretmeta resource." msgstr "" #: ../../:131 msgid "Implement secure-rbac for secrets resource." msgstr "" #: ../../:135 msgid "Implement secure-rbac for secretstores resource." msgstr "" #: ../../:139 msgid "Implement secure-rbac for transportkeys resource." msgstr "" #: ../../:107 msgid "Implement secure-rbac policy for ACLs." msgstr "" #: ../../:141 msgid "" "It is now possible for barbican-keystone-listener to listen on the same " "standard notification topic without interfering with other services by using " "the notification listener pools feature of oslo.messaging. To use it, set " "the new ``[keystone_notifications]pool_name`` option to some unique value " "(but the same for all instances of barbican-keystone-listener service). This " "feature is available only for those messaging transports of oslo.messaging " "that support it. At the moment those are rabbitmq and kafka. For more " "details see `oslo.messagind docs `_" msgstr "" #: ../../:40 msgid "Known Issues" msgstr "" #: ../../:14 msgid "" "Maintain the policy rules in code and add an oslo.policy CLI script in tox " "to generate policy sample file. The script can be called like \"oslopolicy-" "sample-generator --config-file=etc/oslo-config-generator/policy.conf\" and " "will generate a policy.yaml.sample file with the effective policy." msgstr "" #: ../../:36 msgid "" "Microversions enable clients to do a server supported version discovery, " "allowing old clients (not supporting the feature) to interact with newer " "servers." msgstr "" #: ../../:30 origin/stable/newton>:20 #: origin/stable/ocata>:20 stable/2023.2>:21 stable/pike>:10 stable/queens>:10 #: stable/rocky>:39 stable/stein>:20 stable/train>:10 stable/ussuri>:10 #: stable/ussuri>:60 stable/ussuri>:137 stable/victoria>:10 stable/wallaby>:10 #: stable/wallaby>:74 stable/xena>:63 msgid "New Features" msgstr "" #: ../../:24 msgid "" "New feature to support multiple secret store plugin backends. This feature " "is not enabled by default. To use this feature, the relevant feature flag " "needs to be enabled and supporting configuration needs to be added in the " "service configuration. Once enabled, a project adminstrator will be able to " "specify one of the available secret store backends as a preferred secret " "store for their project secrets. This secret store preference applies only " "to new secrets (key material) created or stored within that project. " "Existing secrets are not impacted. See http://docs.openstack.org/developer/" "barbican/setup/plugin_backends.html for instructions on how to setup " "Barbican multiple backends, and the API documentation for further details." msgstr "" #: ../../:31 msgid "" "New framework for ``barbican-status upgrade check`` command is added. This " "framework allows adding various checks which can be run before a Barbican " "upgrade to ensure if the upgrade can be performed safely." msgstr "" #: ../../:14 msgid "" "Now within a single deployment, multiple secret store plugin backends can be " "configured and used. With this change, a project adminstrator can pre-define " "a preferred plugin backend for storing their secrets. New APIs are added to " "manage this project level secret store preference." msgstr "" #: ../../:48 msgid "" "Operator can now use new CLI tool ``barbican-status upgrade check`` to check " "if Barbican deployment can be safely upgraded from N-1 to N release." msgstr "" #: ../../:10 stable/pike>:32 #: stable/queens>:82 stable/rocky>:102 msgid "Other Notes" msgstr "" #: ../../:25 stable/xena>:14 #: unmaintained/yoga>:14 msgid "" "Part of the fix for Story 2009664 required renaming the policy for Container " "Consumers from \"consumers:get\" to \"container_consumers:get\", \"consumers:" "post\" to \"container_consumers:post\", and \"consumers:delete\" to " "\"container_consumers:delete\". If you are using custom policies to " "override the default policies you will need to update them to use the new " "names." msgstr "" #: ../../:37 msgid "" "Port existing policy RuleDefault objects to the newer, more verbose " "DocumentedRuleDefaults." msgstr "" #: ../../:10 origin/stable/newton>:10 #: origin/stable/ocata>:10 stable/2023.2>:10 stable/queens>:58 stable/stein>:10 msgid "Prelude" msgstr "" #: ../../:161 msgid "" "Python 2.7 support has been dropped. Last release of Barbican to support " "python 2.7 is OpenStack Train. The minimum version of Python now supported " "by Barbican is Python 3.6." msgstr "" #: ../../:50 msgid "" "Remap the `order:put` to `orders:put` to align with language in the orders " "controller." msgstr "" #: ../../:25 msgid "" "Removed application/pkix media type because Barbican will not be using media " "types for format conversion." msgstr "" #: ../../:30 msgid "" "Secret consumers do not block the secret to be deleted by the end user " "though. When an end user needs to delete a secret that has consumers, it " "can simply do it. However, deletion of secrets with consumers must be " "forced using a corresponding parameter, either in the client's CLI or in the " "client's API." msgstr "" #: ../../:44 stable/train>:72 stable/ussuri>:21 #: stable/victoria>:72 stable/wallaby>:21 stable/wallaby>:194 stable/xena>:10 #: unmaintained/yoga>:10 msgid "Security Issues" msgstr "" #: ../../:14 msgid "Start using reno to manage release notes." msgstr "" #: ../../:54 msgid "" "System scope has been removed from the RBAC policies as specified in the " "Consistent and Secure Default RBAC community goal. See: https://governance." "openstack.org/tc/goals/selected/consistent-and-secure-rbac.html APIs that " "required system scoped tokens can now be accessed by using a project scoped " "token with the \"admin\" role." msgstr "" #: ../../:64 stable/ussuri>:109 #: stable/victoria>:64 stable/wallaby>:177 msgid "" "The \"token_label\" option in the PKCS#11 driver is deprecated. Th new " "\"token_labels\" option should be used instead. If present, \"token_label\" " "will still be used by appending it to \"token_labels\"." msgstr "" #: ../../:72 msgid "" "The 'barbican-db-manage' script is deprecated. Use the new 'barbican-" "manage' utility instead." msgstr "" #: ../../:34 msgid "" "The 'barbican-manage' tool can be used to manage database schema changes as " "well as provision and rotate keys in the HSM backend." msgstr "" #: ../../:24 msgid "" "The 'http_proxy_to_wsgi' middleware can be used to help barbican respond " "with the correct URL refs when it's put behind a TLS proxy (such as " "HAProxy). This middleware is disabled by default, but can be enabled via a " "configuration option in the oslo_middleware group." msgstr "" #: ../../:76 msgid "" "The 'pkcs11-kek-rewrap' script is deprecated. Use the new 'barbican-manage' " "utility instead." msgstr "" #: ../../:80 msgid "" "The 'pkcs11-key-generation' script is deprecated. Use the new 'barbican-" "manage' utility instead." msgstr "" #: ../../:56 msgid "" "The Metadata API requires an update to the Database Schema. Existing " "deployments that are being upgraded to Mitaka should use the 'barbican-" "manage' utility to update the schema." msgstr "" #: ../../:19 msgid "" "The Mitaka release includes a new API to add arbitrary user-defined metadata " "to Secrets." msgstr "" #: ../../:34 msgid "" "The barbican-api-paste.ini configuration file for the paste pipeline was " "updated to add the http_proxy_to_wsgi middleware." msgstr "" #: ../../:252 msgid "" "The current policy allows all users except those with the audit role to list " "a secrets metadata keys and get the metadata values. The new desired policy " "will restrict this to members. For backwards compatibility, the old " "policies remain in effect, but they are deprecated and will be removed in " "future, leaving the more restrictive new policy." msgstr "" #: ../../:230 msgid "" "The current policy allows all users except those with the audit role to list " "orders or retrieve an orders metadata. The new desired policy will restrict " "this to members. For backwards compatibility, the old policies remain in " "effect, but they are deprecated and will be removed in future, leaving the " "more restrictive new policy." msgstr "" #: ../../:286 msgid "" "The current policy allows users with the admin role to add or delete " "transport keys. This interface was only ever intended to be used by system " "admins, and so it has been restricted using the new policy to the system " "admin only (admins with system_scope:all)." msgstr "" #: ../../:280 msgid "" "The current policy only allows users with the admin role to list and get " "secretstore resources. The new policy allows all users to perform these " "operations." msgstr "" #: ../../:244 msgid "" "The current policy only allows users with the key-manager:service-admin role " "to list, get, add, update or delete project quotas. The new policy allows " "system readers to list quotas and get quotas for specific projects and " "system admins (role:admin and system_scope:all) to add, update and delete " "project quotas." msgstr "" #: ../../:43 stable/ussuri>:14 stable/victoria>:43 #: stable/wallaby>:14 stable/xena>:67 msgid "" "The default maximum secret size has been increased from 10 kB to 20 kb, and " "the default maximum request size has been increased from 15 kB to 25 kB." msgstr "" #: ../../:159 msgid "" "The default value of ``[oslo_policy] policy_file`` config option has been " "changed from ``policy.json`` to ``policy.yaml``. Operators who are utilizing " "customized or previously generated static policy JSON files (which are not " "needed by default), should generate new policy files or convert them in YAML " "format. Use the `oslopolicy-convert-json-to-yaml `_ tool to " "convert a JSON to YAML formatted policy file in backward compatible way." msgstr "" #: ../../:48 stable/ussuri>:93 stable/victoria>:48 #: stable/wallaby>:143 msgid "" "The hsm subcommand for the barbican-manage command line tool no longer " "requires any parameters at run time. If any value used by the PKCS#11 value " "is needed it will be taken from /etc/barbican/barbican.conf. You may " "continue to specify any values on the command line, and those will take " "precedence over the values specified in barbican.conf, so any existing " "scripts that use barbican-manage should continue to work as expected." msgstr "" #: ../../:206 msgid "" "The new secure-rbac policy allows ACLs to be modified or deleted by members " "of a project. This is a change from the previous policy which only allowed " "these operations by the project admin or the secret or container creators." msgstr "" #: ../../:212 msgid "" "The new secure-rbac policy allows consumers to be added and deleted by " "members. This is a change from the previous policy which only allowed the " "secret's creator or admins or those that had a read acl on the secret." msgstr "" #: ../../:224 msgid "" "The new secure-rbac policy allows for container deletion by members. This is " "a change from the previous policy that only allowed deletion by the creator " "or the project admin." msgstr "" #: ../../:274 msgid "" "The new secure-rbac policy allows for secret deletion by members. This is a " "change from the previous policy that only allowed deletion by the creator or " "the project admin." msgstr "" #: ../../:238 msgid "" "The new secure-rbac policy allows for secret deletion by members. This is a " "change from the previous policy that only allowed deletion by the project " "admin." msgstr "" #: ../../:261 msgid "" "The new secure-rbac policy allows for secret metadata addition, modification " "and deletion by members. This is a change from the previous policy that " "only allowed deletion by the project admin or the secret creator." msgstr "" #: ../../:268 msgid "" "The new secure-rbac policy allows for two-step secret creation to be done by " "any member. This is a change from the previous policy that only allowed " "step two to be performed by the creator." msgstr "" #: ../../:218 msgid "" "The new secure-rbac policy allows secrets to be added and removed from " "containers by members. This is a change from the previous policy which only " "allowed admins to add and remove secrets." msgstr "" #: ../../:198 msgid "" "The new secure-rbac policy does not allow listing ACLs for private secrets " "or private containers. This is a change from the previous policy which " "allowed listing ACLs of private secrets or private containers by users with " "some role assignments on the project. The previous policy is deprecated, " "but it will continue to be used until it is removed in a future release." msgstr "" #: ../../:25 msgid "" "The secret consumers functionality allows other OpenStack projects, such as " "Cinder and Glance, to name a few, to register consumers of secrets. This is " "useful when a project wants to make an end user aware that it is using the " "secret." msgstr "" #: ../../:44 msgid "" "The service will encounter errors if you attempt to run this new release " "using data stored by a previous version of the PKCS#11 Cryptographic Plugin " "that has not yet been migrated for this release. The logged errors will " "look like" msgstr "" #: ../../:14 msgid "This release adds http_proxy_to_wsgi middleware to the pipeline." msgstr "" #: ../../:14 msgid "" "This release includes a new command line utility 'barbican-manage' that " "consolidates and supersedes the separate HSM and database management scripts." msgstr "" #: ../../:24 msgid "" "This release includes significant improvements to the performance of the " "PKCS#11 Cryptographic Plugin driver. These changes will require a data " "migration of any existing data stored by previous versions of the PKCS#11 " "backend." msgstr "" #: ../../:62 msgid "" "This release notify that we will remove Certificate Orders and CAs from API." msgstr "" #: ../../:14 msgid "" "This version adds support to the secret consumers and microversions " "functionalities. The detailed secret consumers specification can be found " "on . Microversions allow clients to interact with Barbican " "server to gather information on minimum and maximum versions supported by " "the server. More information can be found on ." msgstr "" #: ../../:52 origin/stable/ocata>:30 #: stable/rocky>:57 stable/stein>:44 stable/ussuri>:157 stable/victoria>:121 #: stable/wallaby>:155 msgid "Upgrade Notes" msgstr "" #: ../../:183 msgid "" "Use of JSON policy files was deprecated by the ``oslo.policy`` library " "during the Victoria development cycle. As a result, this deprecation is " "being noted in the Wallaby cycle with an anticipated future removal of " "support by ``oslo.policy``. As such operators will need to convert to YAML " "policy files. Please see the upgrade notes for details on migration of any " "custom policy files." msgstr "" #: ../../:86 msgid "" "Why are we deprecating Certificate Issuance? There are a few reasons that " "were considered for this decision. First, there does not seem to be a lot " "of interest in the community to fully develop the Certificate Authority " "integration with Barbican. We have a few outstanding blueprints that are " "needed to make Certificate Issuance fully functional, but so far no one has " "committed to getting the work done. Additionally, we've had very little buy-" "in from public Certificate Authorities. Both Symantec and Digicert were " "interested in integration in the past, but that interest didn't materialize " "into robust CA plugins like we hoped it would. Secondly, there have been new " "developments in the space of Certificate Authorities since we started " "Barbican. The most significant of these was the launch of the Let's Encrypt " "public CA along with the definition of the ACME protocol for certificate " "issuance. We believe that future certificate authority services would do " "good to implement the ACME standard, which is quite different than the API " "the Barbican team had developed. Lastly, deprecating Certificate Issuance " "within Barbican will simplify both the architecture and deployment of " "Barbican. This will allow us to focus on the features that Barbican does " "well -- the secure storage of secret material." msgstr "" #: ../../:92 msgid "" "Will Barbican still be able to store Certificates? Yes, absolutely! The " "only thing we're deprecating is the plugin interface that talks to " "Certificate Authorities and associated APIs. While you will not be able to " "use Barbican to issue a new certificate, you will always be able to securely " "store any certificates in Barbican, including those issued by public CAs or " "internal CAs." msgstr "" #: ../../:46 msgid "" "``'P11CryptoPluginException: HSM returned response code: 0xc0L " "CKR_SIGNATURE_INVALID'``" msgstr "" #: ../../:62 origin/stable/mitaka>:92 msgid "``python barbican/cmd/pkcs11_migrate_kek_signatures.py``" msgstr "" #: ../../:106 msgid "" "default value of 'control_exchange' in 'barbican.conf' has been changed to " "'keystone'." msgstr "" #: ../../:36 msgid "" "oslo-config-generator is now used to generate a barbican.conf.sample file" msgstr "" #: ../source/2023.1.rst:3 msgid "2023.1 Series Release Notes" msgstr "" #: ../source/2023.2.rst:3 msgid "2023.2 Series Release Notes" msgstr "" #: ../source/index.rst:3 msgid "Barbican Release Notes" msgstr "" #: ../source/index.rst:5 msgid "Contents:" msgstr "" #: ../source/liberty.rst:3 msgid "Liberty Series Release Notes" msgstr "" #: ../source/mitaka.rst:3 msgid "Mitaka Series Release Notes" msgstr "" #: ../source/newton.rst:3 msgid "Newton Series Release Notes" msgstr "" #: ../source/ocata.rst:3 msgid "Ocata Series Release Notes" msgstr "" #: ../source/pike.rst:3 msgid "Pike Series Release Notes" msgstr "" #: ../source/queens.rst:3 msgid "Queens Series Release Notes" msgstr "" #: ../source/rocky.rst:3 msgid "Rocky Series Release Notes" msgstr "" #: ../source/stein.rst:3 msgid "Stein Series Release Notes" msgstr "" #: ../source/train.rst:3 msgid "Train Series Release Notes" msgstr "" #: ../source/unreleased.rst:3 msgid "Current Series Release Notes" msgstr "" #: ../source/ussuri.rst:3 msgid "Ussuri Series Release Notes" msgstr "" #: ../source/victoria.rst:3 msgid "Victoria Series Release Notes" msgstr "" #: ../source/wallaby.rst:3 msgid "Wallaby Series Release Notes" msgstr "" #: ../source/xena.rst:3 msgid "Xena Series Release Notes" msgstr "" #: ../source/yoga.rst:3 msgid "Yoga Series Release Notes" msgstr "" #: ../source/zed.rst:3 msgid "Zed Series Release Notes" msgstr ""