411 lines
17 KiB
Plaintext
411 lines
17 KiB
Plaintext
# Andi Chandler <andi@gowling.com>, 2017. #zanata
|
|
# Andi Chandler <andi@gowling.com>, 2018. #zanata
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: barbican\n"
|
|
"Report-Msgid-Bugs-To: \n"
|
|
"POT-Creation-Date: 2018-11-08 03:14+0000\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
"PO-Revision-Date: 2018-11-08 11:14+0000\n"
|
|
"Last-Translator: Andi Chandler <andi@gowling.com>\n"
|
|
"Language-Team: English (United Kingdom)\n"
|
|
"Language: en_GB\n"
|
|
"X-Generator: Zanata 4.3.3\n"
|
|
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
|
|
|
|
msgid ""
|
|
"(For deployments overriding default policies) After upgrading, please review "
|
|
"Barbican policy files and ensure that you port any rules tied to `order:put` "
|
|
"are remapped to `orders:put`."
|
|
msgstr ""
|
|
"(For deployments overriding default policies) After upgrading, please review "
|
|
"Barbican policy files and ensure that you port any rules tied to `order:put` "
|
|
"are remapped to `orders:put`."
|
|
|
|
msgid "1.0.0-5"
|
|
msgstr "1.0.0-5"
|
|
|
|
msgid "2.0.0"
|
|
msgstr "2.0.0"
|
|
|
|
msgid "3.0.0"
|
|
msgstr "3.0.0"
|
|
|
|
msgid "4.0.0"
|
|
msgstr "4.0.0"
|
|
|
|
msgid "5.0.0"
|
|
msgstr "5.0.0"
|
|
|
|
msgid "6.0.0"
|
|
msgstr "6.0.0"
|
|
|
|
msgid "7.0.0"
|
|
msgstr "7.0.0"
|
|
|
|
msgid "7.0.0-25"
|
|
msgstr "7.0.0-25"
|
|
|
|
msgid ""
|
|
"Added new options to the PKCS#11 Cryptographic Plugin configuration to "
|
|
"enable the use of different encryption and hmac mechanisms. Added support "
|
|
"for `CKM_AES_CBC` encryption in the PKCS#11 Cryptographic Plugin."
|
|
msgstr ""
|
|
"Added new options to the PKCS#11 Cryptographic Plugin configuration to "
|
|
"enable the use of different encryption and HMAC mechanisms. Added support "
|
|
"for `CKM_AES_CBC` encryption in the PKCS#11 Cryptographic Plugin."
|
|
|
|
msgid "Barbican Release Notes"
|
|
msgstr "Barbican Release Notes"
|
|
|
|
msgid "Bug Fixes"
|
|
msgstr "Bug Fixes"
|
|
|
|
msgid ""
|
|
"By default barbican checks only the algorithm and the bit_length when "
|
|
"creating a new secret. The xts-mode cuts the key in half for aes, so for "
|
|
"using aes-256 with xts, you have to use a 512 bit key, but barbican allows "
|
|
"only a maximum of 256 bit. A check for the mode within the "
|
|
"_is_algorithm_supported method of the class SimpleCryptoPlugin was added to "
|
|
"allow 512 bit keys for aes-xts in this plugin."
|
|
msgstr ""
|
|
"By default Barbican checks only the algorithm and the bit_length when "
|
|
"creating a new secret. The xts-mode cuts the key in half for AES, so for "
|
|
"using AES-256 with xts, you have to use a 512 bit key, but barbican allows "
|
|
"only a maximum of 256 bit. A check for the mode within the "
|
|
"_is_algorithm_supported method of the class SimpleCryptoPlugin was added to "
|
|
"allow 512 bit keys for AES-XTS in this plugin."
|
|
|
|
msgid "CAs"
|
|
msgstr "CAs"
|
|
|
|
msgid "Certificate Orders"
|
|
msgstr "Certificate Orders"
|
|
|
|
msgid "Contents:"
|
|
msgstr "Contents:"
|
|
|
|
msgid "Critical Issues"
|
|
msgstr "Critical Issues"
|
|
|
|
msgid "Current Series Release Notes"
|
|
msgstr "Current Series Release Notes"
|
|
|
|
msgid ""
|
|
"Deprecated the `generate_iv` option name. It has been renamed to "
|
|
"`aes_gcm_generate_iv` to reflect the fact that it only applies to the "
|
|
"CKM_AES_GCM mechanism."
|
|
msgstr ""
|
|
"Deprecated the `generate_iv` option name. It has been renamed to "
|
|
"`aes_gcm_generate_iv` to reflect the fact that it only applies to the "
|
|
"CKM_AES_GCM mechanism."
|
|
|
|
msgid ""
|
|
"Deprecated the `p11_crypto_plugin:algoritm` option. Users should update "
|
|
"their configuration to use `p11_crypto_plugin:encryption_mechanism` instead."
|
|
msgstr ""
|
|
"Deprecated the `p11_crypto_plugin:algoritm` option. Users should update "
|
|
"their configuration to use `p11_crypto_plugin:encryption_mechanism` instead."
|
|
|
|
msgid "Deprecation Notes"
|
|
msgstr "Deprecation Notes"
|
|
|
|
msgid ""
|
|
"Fixed the response code for invalid subroutes for individual secrets. The "
|
|
"API was previously responding with the incorrect code \"406 - Method not "
|
|
"allowed\", but now responds correctly with \"404 - Not Found\"."
|
|
msgstr ""
|
|
"Fixed the response code for invalid subroutes for individual secrets. The "
|
|
"API was previously responding with the incorrect code \"406 - Method not "
|
|
"allowed\", but now responds correctly with \"404 - Not Found\"."
|
|
|
|
msgid ""
|
|
"If you are upgrading from previous version of barbican that uses the PKCS#11 "
|
|
"Cryptographic Plugin driver, you will need to run the migration script"
|
|
msgstr ""
|
|
"If you are upgrading from previous version of barbican that uses the PKCS#11 "
|
|
"Cryptographic Plugin driver, you will need to run the migration script"
|
|
|
|
msgid "Known Issues"
|
|
msgstr "Known Issues"
|
|
|
|
msgid "Liberty Series Release Notes"
|
|
msgstr "Liberty Series Release Notes"
|
|
|
|
msgid ""
|
|
"Maintain the policy rules in code and add an oslo.policy CLI script in tox "
|
|
"to generate policy sample file. The script can be called like \"oslopolicy-"
|
|
"sample-generator --config-file=etc/oslo-config-generator/policy.conf\" and "
|
|
"will generate a policy.yaml.sample file with the effective policy."
|
|
msgstr ""
|
|
"Maintain the policy rules in code and add an oslo.policy CLI script in tox "
|
|
"to generate policy sample file. The script can be called like \"oslopolicy-"
|
|
"sample-generator --config-file=etc/oslo-config-generator/policy.conf\" and "
|
|
"will generate a policy.yaml.sample file with the effective policy."
|
|
|
|
msgid "Mitaka Series Release Notes"
|
|
msgstr "Mitaka Series Release Notes"
|
|
|
|
msgid "New Features"
|
|
msgstr "New Features"
|
|
|
|
msgid ""
|
|
"New feature to support multiple secret store plugin backends. This feature "
|
|
"is not enabled by default. To use this feature, the relevant feature flag "
|
|
"needs to be enabled and supporting configuration needs to be added in the "
|
|
"service configuration. Once enabled, a project adminstrator will be able to "
|
|
"specify one of the available secret store backends as a preferred secret "
|
|
"store for their project secrets. This secret store preference applies only "
|
|
"to new secrets (key material) created or stored within that project. "
|
|
"Existing secrets are not impacted. See http://docs.openstack.org/developer/"
|
|
"barbican/setup/plugin_backends.html for instructions on how to setup "
|
|
"Barbican multiple backends, and the API documentation for further details."
|
|
msgstr ""
|
|
"New feature to support multiple secret store plugin backends. This feature "
|
|
"is not enabled by default. To use this feature, the relevant feature flag "
|
|
"needs to be enabled and supporting configuration needs to be added in the "
|
|
"service configuration. Once enabled, a project administrator will be able to "
|
|
"specify one of the available secret store backends as a preferred secret "
|
|
"store for their project secrets. This secret store preference applies only "
|
|
"to new secrets (key material) created or stored within that project. "
|
|
"Existing secrets are not impacted. See http://docs.openstack.org/developer/"
|
|
"barbican/setup/plugin_backends.html for instructions on how to setup "
|
|
"Barbican multiple backends, and the API documentation for further details."
|
|
|
|
msgid "Newton Series Release Notes"
|
|
msgstr "Newton Series Release Notes"
|
|
|
|
msgid ""
|
|
"Now within a single deployment, multiple secret store plugin backends can be "
|
|
"configured and used. With this change, a project adminstrator can pre-define "
|
|
"a preferred plugin backend for storing their secrets. New APIs are added to "
|
|
"manage this project level secret store preference."
|
|
msgstr ""
|
|
"Now within a single deployment, multiple secret store plugin backends can be "
|
|
"configured and used. With this change, a project administrator can pre-"
|
|
"define a preferred plugin backend for storing their secrets. New APIs are "
|
|
"added to manage this project level secret store preference."
|
|
|
|
msgid "Ocata Series Release Notes"
|
|
msgstr "Ocata Series Release Notes"
|
|
|
|
msgid "Other Notes"
|
|
msgstr "Other Notes"
|
|
|
|
msgid "Pike Series Release Notes"
|
|
msgstr "Pike Series Release Notes"
|
|
|
|
msgid ""
|
|
"Port existing policy RuleDefault objects to the newer, more verbose "
|
|
"DocumentedRuleDefaults."
|
|
msgstr ""
|
|
"Port existing policy RuleDefault objects to the newer, more verbose "
|
|
"DocumentedRuleDefaults."
|
|
|
|
msgid "Prelude"
|
|
msgstr "Prelude"
|
|
|
|
msgid "Queens Series Release Notes"
|
|
msgstr "Queens Series Release Notes"
|
|
|
|
msgid ""
|
|
"Remap the `order:put` to `orders:put` to align with language in the orders "
|
|
"controller."
|
|
msgstr ""
|
|
"Remap the `order:put` to `orders:put` to align with language in the orders "
|
|
"controller."
|
|
|
|
msgid ""
|
|
"Removed application/pkix media type because Barbican will not be using media "
|
|
"types for format conversion."
|
|
msgstr ""
|
|
"Removed application/pkix media type because Barbican will not be using media "
|
|
"types for format conversion."
|
|
|
|
msgid "Rocky Series Release Notes"
|
|
msgstr "Rocky Series Release Notes"
|
|
|
|
msgid "Start using reno to manage release notes."
|
|
msgstr "Start using reno to manage release notes."
|
|
|
|
msgid ""
|
|
"The 'barbican-db-manage' script is deprecated. Use the new 'barbican-"
|
|
"manage' utility instead."
|
|
msgstr ""
|
|
"The 'barbican-db-manage' script is deprecated. Use the new 'barbican-"
|
|
"manage' utility instead."
|
|
|
|
msgid ""
|
|
"The 'barbican-manage' tool can be used to manage database schema changes as "
|
|
"well as provision and rotate keys in the HSM backend."
|
|
msgstr ""
|
|
"The 'barbican-manage' tool can be used to manage database schema changes as "
|
|
"well as provision and rotate keys in the HSM backend."
|
|
|
|
msgid ""
|
|
"The 'http_proxy_to_wsgi' middleware can be used to help barbican respond "
|
|
"with the correct URL refs when it's put behind a TLS proxy (such as "
|
|
"HAProxy). This middleware is disabled by default, but can be enabled via a "
|
|
"configuration option in the oslo_middleware group."
|
|
msgstr ""
|
|
"The 'http_proxy_to_wsgi' middleware can be used to help Barbican respond "
|
|
"with the correct URL refs when it's put behind a TLS proxy (such as "
|
|
"HAProxy). This middleware is disabled by default, but can be enabled via a "
|
|
"configuration option in the oslo_middleware group."
|
|
|
|
msgid ""
|
|
"The 'pkcs11-kek-rewrap' script is deprecated. Use the new 'barbican-manage' "
|
|
"utility instead."
|
|
msgstr ""
|
|
"The 'pkcs11-kek-rewrap' script is deprecated. Use the new 'barbican-manage' "
|
|
"utility instead."
|
|
|
|
msgid ""
|
|
"The 'pkcs11-key-generation' script is deprecated. Use the new 'barbican-"
|
|
"manage' utility instead."
|
|
msgstr ""
|
|
"The 'pkcs11-key-generation' script is deprecated. Use the new 'barbican-"
|
|
"manage' utility instead."
|
|
|
|
msgid ""
|
|
"The Metadata API requires an update to the Database Schema. Existing "
|
|
"deployments that are being upgraded to Mitaka should use the 'barbican-"
|
|
"manage' utility to update the schema."
|
|
msgstr ""
|
|
"The Metadata API requires an update to the Database Schema. Existing "
|
|
"deployments that are being upgraded to Mitaka should use the 'barbican-"
|
|
"manage' utility to update the schema."
|
|
|
|
msgid ""
|
|
"The Mitaka release includes a new API to add arbitrary user-defined metadata "
|
|
"to Secrets."
|
|
msgstr ""
|
|
"The Mitaka release includes a new API to add arbitrary user-defined metadata "
|
|
"to Secrets."
|
|
|
|
msgid ""
|
|
"The barbican-api-paste.ini configuration file for the paste pipeline was "
|
|
"updated to add the http_proxy_to_wsgi middleware."
|
|
msgstr ""
|
|
"The barbican-api-paste.ini configuration file for the paste pipeline was "
|
|
"updated to add the http_proxy_to_wsgi middleware."
|
|
|
|
msgid ""
|
|
"The service will encounter errors if you attempt to run this new release "
|
|
"using data stored by a previous version of the PKCS#11 Cryptographic Plugin "
|
|
"that has not yet been migrated for this release. The logged errors will "
|
|
"look like"
|
|
msgstr ""
|
|
"The service will encounter errors if you attempt to run this new release "
|
|
"using data stored by a previous version of the PKCS#11 Cryptographic Plugin "
|
|
"that has not yet been migrated for this release. The logged errors will "
|
|
"look like"
|
|
|
|
msgid "This release adds http_proxy_to_wsgi middleware to the pipeline."
|
|
msgstr "This release adds http_proxy_to_wsgi middleware to the pipeline."
|
|
|
|
msgid ""
|
|
"This release includes a new command line utility 'barbican-manage' that "
|
|
"consolidates and supersedes the separate HSM and database management scripts."
|
|
msgstr ""
|
|
"This release includes a new command line utility 'barbican-manage' that "
|
|
"consolidates and supersedes the separate HSM and database management scripts."
|
|
|
|
msgid ""
|
|
"This release includes significant improvements to the performance of the "
|
|
"PKCS#11 Cryptographic Plugin driver. These changes will require a data "
|
|
"migration of any existing data stored by previous versions of the PKCS#11 "
|
|
"backend."
|
|
msgstr ""
|
|
"This release includes significant improvements to the performance of the "
|
|
"PKCS#11 Cryptographic Plugin driver. These changes will require a data "
|
|
"migration of any existing data stored by previous versions of the PKCS#11 "
|
|
"backend."
|
|
|
|
msgid ""
|
|
"This release notify that we will remove Certificate Orders and CAs from API."
|
|
msgstr ""
|
|
"This release notify that we will remove Certificate Orders and CAs from the "
|
|
"API."
|
|
|
|
msgid "Upgrade Notes"
|
|
msgstr "Upgrade Notes"
|
|
|
|
msgid ""
|
|
"Why are we deprecating Certificate Issuance? There are a few reasons that "
|
|
"were considered for this decision. First, there does not seem to be a lot "
|
|
"of interest in the community to fully develop the Certificate Authority "
|
|
"integration with Barbican. We have a few outstanding blueprints that are "
|
|
"needed to make Certificate Issuance fully functional, but so far no one has "
|
|
"committed to getting the work done. Additionally, we've had very little buy-"
|
|
"in from public Certificate Authorities. Both Symantec and Digicert were "
|
|
"interested in integration in the past, but that interest didn't materialize "
|
|
"into robust CA plugins like we hoped it would. Secondly, there have been new "
|
|
"developments in the space of Certificate Authorities since we started "
|
|
"Barbican. The most significant of these was the launch of the Let's Encrypt "
|
|
"public CA along with the definition of the ACME protocol for certificate "
|
|
"issuance. We believe that future certificate authority services would do "
|
|
"good to implement the ACME standard, which is quite different than the API "
|
|
"the Barbican team had developed. Lastly, deprecating Certificate Issuance "
|
|
"within Barbican will simplify both the architecture and deployment of "
|
|
"Barbican. This will allow us to focus on the features that Barbican does "
|
|
"well -- the secure storage of secret material."
|
|
msgstr ""
|
|
"Why are we deprecating Certificate Issuance? There are a few reasons that "
|
|
"were considered for this decision. First, there does not seem to be a lot "
|
|
"of interest in the community to fully develop the Certificate Authority "
|
|
"integration with Barbican. We have a few outstanding blueprints that are "
|
|
"needed to make Certificate Issuance fully functional, but so far no one has "
|
|
"committed to getting the work done. Additionally, we've had very little buy-"
|
|
"in from public Certificate Authorities. Both Symantec and Digicert were "
|
|
"interested in integration in the past, but that interest didn't materialise "
|
|
"into robust CA plugins like we hoped it would. Secondly, there have been new "
|
|
"developments in the space of Certificate Authorities since we started "
|
|
"Barbican. The most significant of these was the launch of the Let's Encrypt "
|
|
"public CA along with the definition of the ACME protocol for certificate "
|
|
"issuance. We believe that future certificate authority services would do "
|
|
"good to implement the ACME standard, which is quite different than the API "
|
|
"the Barbican team had developed. Lastly, deprecating Certificate Issuance "
|
|
"within Barbican will simplify both the architecture and deployment of "
|
|
"Barbican. This will allow us to focus on the features that Barbican does "
|
|
"well -- the secure storage of secret material."
|
|
|
|
msgid ""
|
|
"Will Barbican still be able to store Certificates? Yes, absolutely! The "
|
|
"only thing we're deprecating is the plugin interface that talks to "
|
|
"Certificate Authorities and associated APIs. While you will not be able to "
|
|
"use Barbican to issue a new certificate, you will always be able to securely "
|
|
"store any certificates in Barbican, including those issued by public CAs or "
|
|
"internal CAs."
|
|
msgstr ""
|
|
"Will Barbican still be able to store Certificates? Yes, absolutely! The "
|
|
"only thing we're deprecating is the plugin interface that talks to "
|
|
"Certificate Authorities and associated APIs. While you will not be able to "
|
|
"use Barbican to issue a new certificate, you will always be able to securely "
|
|
"store any certificates in Barbican, including those issued by public CAs or "
|
|
"internal CAs."
|
|
|
|
msgid ""
|
|
"``'P11CryptoPluginException: HSM returned response code: 0xc0L "
|
|
"CKR_SIGNATURE_INVALID'``"
|
|
msgstr ""
|
|
"``'P11CryptoPluginException: HSM returned response code: 0xc0L "
|
|
"CKR_SIGNATURE_INVALID'``"
|
|
|
|
msgid "``python barbican/cmd/pkcs11_migrate_kek_signatures.py``"
|
|
msgstr "``python barbican/cmd/pkcs11_migrate_kek_signatures.py``"
|
|
|
|
msgid ""
|
|
"default value of 'control_exchange' in 'barbican.conf' has been changed to "
|
|
"'keystone'."
|
|
msgstr ""
|
|
"default value of 'control_exchange' in 'barbican.conf' has been changed to "
|
|
"'keystone'."
|
|
|
|
msgid ""
|
|
"oslo-config-generator is now used to generate a barbican.conf.sample file"
|
|
msgstr ""
|
|
"oslo-config-generator is now used to generate a barbican.conf.sample file"
|