simple_crypto: kek should be secret

... because the parameter takes encryption key.

Change-Id: I2d20cffb14295d560135ab1f1907da8b7ca3fc94

manifests/plugins/simple_crypto.pp

@@ -5,7 +5,7 @@
 # === Parameters
 #
 # [*simple_crypto_plugin_kek*]
-#   (optional) base64 encoded 32-byte value
+#   (optional) Key encryption key to be used by Simple Crypto Pluging.
 #   Defaults to $::os_service_default
 #
 # [*global_default*]
@@ -26,6 +26,6 @@ class barbican::plugins::simple_crypto (
   }
 
   barbican_config {
-    'simple_crypto_plugin/kek':  value => $simple_crypto_plugin_kek;
+    'simple_crypto_plugin/kek': value => $simple_crypto_plugin_kek, secret => true;
   }
 }

spec/classes/barbican_plugins_simple_crypto_spec.rb

@@ -25,14 +25,15 @@ describe 'barbican::plugins::simple_crypto' do
     describe 'with parameter passed into pk11 plugin' do
       let :params do
         {
-          :simple_crypto_plugin_kek       => 'XXXXXXXXXXXXX',
-          :global_default                 => true,
+          :simple_crypto_plugin_kek => 'XXXXXXXXXXXXX',
+          :global_default           => true,
         }
       end
 
       it 'is_expected.to set simple_crypto parameters' do
         is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \
-          .with_value(params[:simple_crypto_plugin_kek])
+          .with_value(params[:simple_crypto_plugin_kek]) \
+          .with_secret(true)
         is_expected.to contain_barbican_config(
           'secretstore:simple_crypto/secret_store_plugin') \
           .with_value('store_crypto')
@@ -52,7 +53,8 @@ describe 'barbican::plugins::simple_crypto' do
 
       it 'is_expected.to set default simple_crypto parameters' do
         is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \
-          .with_value('<SERVICE DEFAULT>')
+          .with_value('<SERVICE DEFAULT>') \
+          .with_secret(true)
         is_expected.to contain_barbican_config(
           'secretstore:simple_crypto/secret_store_plugin') \
           .with_value('store_crypto')