internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-06 13:22:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: 663d1a1321

Browse Source
This commit is contained in:
kaysond
2025-12-07 04:55:39 +00:00
parent 276a629ad8
commit dc58a41044
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pr/972/luks_device_module.html
View File

@@ -262,6 +262,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<td><div class="ansible-option-cell"><p>Used to unlock the container, but can not be used for container creation. A hidraw device referring to the FIDO2 device (for example <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/hidraw1</span></code>). Alternatively the special value <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> may be specified, in order to automatically determine the device node of a currently currently plugged in security token (of which there must be exactly one).</p>
<p><strong>Note</strong> that only LUKS2 containers are supported</p>
<p><strong>Note</strong> that systemd-cryptsetup (v253 or newer) is required.</p>
<p><strong>Note</strong> that user presence confirmation (e.g. touching the security token) may be required.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
@@ -336,6 +337,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<td><div class="ansible-option-cell"><p>Adds a FIDO2 security token that implements the “hmac-secret” extension (e.g. a YubiKey) to given container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Expects a hidraw device referring to the FIDO2 device (e.g. <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/hidraw1</span></code>). Alternatively the special value <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> may be specified, in order to automatically determine the device node of a currently plugged in security token (of which there must be exactly one).</p>
<p><strong>Note</strong> that <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-keyslot"><span class="std std-ref"><span class="pre">new_keyslot</span></span></a></strong></code> does not affect the keyslot for fido2 enrollment.</p>
<p><strong>Note</strong> that systemd-cryptsetup (v248 or newer) is required.</p>
<p><strong>Note</strong> that user presence confirmation (e.g. touching the security token) may be required.</p>
<p><strong>Note</strong> that the enrollment operation is NOT idempotent (because systemd-cryptenroll does not support idempotency).</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">

2
pr/972/searchindex.js
View File

File diff suppressed because one or more lines are too long