imperva · sivan-hajbi-imperva · Jun 19, 2025 · Jun 19, 2025 · Jun 19, 2025 · Jun 23, 2025
diff --git a/.github/workflows/deploy_module.yml b/.github/workflows/deploy_module.yml
@@ -127,6 +127,18 @@ jobs:
             hidden_submodules: "azurerm/statistics null/statistics"
             begin_tag: 1.7.6
 
+          # CipherTrust
+          ## aws provider
+          - source_module: "aws/ciphertrust-manager"
+            destination_repo: "terraform-aws-dsf-ciphertrust-manager"
+            begin_tag: 1.7.31
+          - source_module: "aws/ciphertrust-manager-cluster-setup"
+            destination_repo: "terraform-aws-dsf-ciphertrust-manager-cluster-setup"
+            begin_tag: 1.7.31
+          - source_module: "aws/cte-ddc-agent"
+            destination_repo: "terraform-aws-dsf-cte-ddc-agent"
+            begin_tag: 1.7.31
+
           # Globals
           ## aws provider
           - source_module: "aws/core/globals"

diff --git a/.github/workflows/dsf_poc_cli.yml b/.github/workflows/dsf_poc_cli.yml
@@ -12,7 +12,7 @@ on:
       deployment_type:
         required: false
         type: string
-        default: 'all'
+        default: 'all-permutations'
       version:
         type: string
         default: 'latest'
@@ -44,12 +44,12 @@ on:
         default: false
         required: false
       deployment_type:
-        description: 'Choose the type of deployments to run: all (default), sonar, dam, dra'
+        description: 'Choose the type of deployments to run: sonar, sonar-with-fam, dra, dam, all-products (currently does not include FAM) or all-permutations'
         type: string
-        default: 'all'
+        default: 'all-permutations'
         required: false
       product_version:
-        description: 'Product (DAM, DRA, SONAR) version to deploy, default is latest'
+        description: 'Product version to deploy. Valid for options: sonar, sonar-with-fam, dra and dam. Otherwise latest per product is used.'
         type: string
         default: 'latest'
         required: false
@@ -99,14 +99,15 @@ jobs:
       - name: Set Matrix
         id: set-matrix
         env:
-          VAR: ${{ github.event.inputs.deployment_type || 'all' }}
+          VAR: ${{ github.event.inputs.deployment_type || 'all-permutations' }}
         run: |
           MATRIX=$(jq -n --compact-output --arg var "$VAR" '{
             "include": [
-              (if $var == "all" then {"name":"DSF POC","workspace":"dsf_cli-all-","enable_sonar":true,"enable_dam":true,"enable_dra":true} else empty end),
-              (if $var == "all" or $var == "sonar" then {"name":"DSF POC - SONAR","workspace":"dsf_cli-sonar-","enable_sonar":true,"enable_dam":false,"enable_dra":false} else empty end),
-              (if $var == "all" or $var == "dam" then {"name":"DSF POC - DAM","workspace":"dsf_cli-dam-","enable_sonar":false,"enable_dam":true,"enable_dra":false} else empty end),
-              (if $var == "all" or $var == "dra" then {"name":"DSF POC - DRA","workspace":"dsf_cli-dra-","enable_sonar":false,"enable_dam":false,"enable_dra":true} else empty end)
+              (if $var == "all-permutations" or $var == "all-products" then {"name":"DSF POC","workspace":"dsf_cli-all-","enable_sonar":true,"enable_ciphertrust":false,"enable_dam":true,"enable_dra":true} else empty end),
+              (if $var == "all-permutations" or $var == "sonar" then {"name":"DSF POC - Sonar","workspace":"dsf_cli-sonar-","enable_sonar":true,"enable_ciphertrust":false,"enable_dam":false,"enable_dra":false} else empty end),
+              (if $var == "all-permutations" or $var == "sonar-with-fam" then {"name":"DSF POC - Sonar with FAM","workspace":"dsf_cli-sonar-with-fam-","enable_sonar":true,"enable_ciphertrust":true,"enable_dam":false,"enable_dra":false} else empty end),
+              (if $var == "all-permutations" or $var == "dam" then {"name":"DSF POC - DAM","workspace":"dsf_cli-dam-","enable_sonar":false,"enable_ciphertrust":false,"enable_dam":true,"enable_dra":false} else empty end),
+              (if $var == "all-permutations" or $var == "dra" then {"name":"DSF POC - DRA","workspace":"dsf_cli-dra-","enable_sonar":false,"enable_ciphertrust":false,"enable_dam":false,"enable_dra":true} else empty end)
             ]
           }')
 
@@ -123,6 +124,8 @@ jobs:
               DEPLOYMENT_VERSION="dra_version=${{ github.event.inputs.product_version }}"
             elif [[ "${{ github.event.inputs.deployment_type }}" == "sonar" ]]; then
               DEPLOYMENT_VERSION="sonar_version=${{ github.event.inputs.product_version }}"
+            elif [[ "${{ github.event.inputs.deployment_type }}" == "sonar-with-fam" ]]; then
+              DEPLOYMENT_VERSION="sonar_version=${{ github.event.inputs.product_version }}"
             fi
           fi
           echo "deployment_version=$DEPLOYMENT_VERSION" >> $GITHUB_OUTPUT
@@ -139,6 +142,7 @@ jobs:
       EXAMPLE_DIR: ./examples/aws/poc/dsf_deployment
       AWS_REGION: eu-west-2
       TF_VAR_enable_sonar: ${{ matrix.enable_sonar }}
+      TF_VAR_enable_ciphertrust: ${{ matrix.enable_ciphertrust }}
       TF_VAR_enable_dam: ${{ matrix.enable_dam }}
       TF_VAR_enable_dra: ${{ matrix.enable_dra }}
       TF_VAR_allowed_ssh_cidrs: ${{ secrets.ALLOWED_SSH_CIDRS }}
@@ -229,6 +233,9 @@ jobs:
             mv $EXAMPLE_DIR/networking.tf{,_}
             mv $EXAMPLE_DIR/agentless_sources.tf{,_}
             mv $EXAMPLE_DIR/agent_sources.tf{,_}
+            mv $EXAMPLE_DIR/versions.tf{,_}
+            mv $EXAMPLE_DIR/cm.tf{,_}
+            mv $EXAMPLE_DIR/cte_ddc_agents.tf{,_}
             terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve
             mv $EXAMPLE_DIR/main.tf{_,}
             mv $EXAMPLE_DIR/outputs.tf{_,}
@@ -238,6 +245,9 @@ jobs:
             mv $EXAMPLE_DIR/networking.tf{_,}
             mv $EXAMPLE_DIR/agentless_sources.tf{_,}
             mv $EXAMPLE_DIR/agent_sources.tf{_,}
+            mv $EXAMPLE_DIR/versions.tf{_,}
+            mv $EXAMPLE_DIR/cm.tf{_,}
+            mv $EXAMPLE_DIR/cte_ddc_agents.tf{_,}
           fi
 
       - name: Terraform Validate

diff --git a/.github/workflows/dsf_poc_cli_azure.yml b/.github/workflows/dsf_poc_cli_azure.yml
@@ -350,12 +350,10 @@ jobs:
       id: destroy
       if: always()
       run: |
-        if [ '${{ steps.apply.conclusion }}' == 'success' ] || [ "${{ github.event_name }}" != 'schedule' ]; then
-            if [ -n "${{ env.DEPLOYMENT_VERSION }}" && "${{ env.DEPLOYMENT_VERSION }}" != $'\n' ]; then
-                terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -var "${{ env.DEPLOYMENT_VERSION }}" -auto-approve
-            else
-                terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve
-            fi
+        if [ -n "${{ env.DEPLOYMENT_VERSION }}" && "${{ env.DEPLOYMENT_VERSION }}" != $'\n' ]; then
+            terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -var "${{ env.DEPLOYMENT_VERSION }}" -auto-approve
+        else
+            terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve
         fi
 
 

diff --git a/.github/workflows/dsf_poc_standalone.yml b/.github/workflows/dsf_poc_standalone.yml
@@ -1,10 +1,10 @@
-name: DSF POC Standalone
+name: DSF POC Standalone - AWS and Azure
 
 on:
   workflow_dispatch:  # This allows the workflow to be manually triggered from the GitHub UI
     inputs:
       deployment_type:
-        description: "Deployment type to pass, choose: dra, dam or sonar."
+        description: "Deployment type to pass, choose: sonar, sonar-with-fam, dra or dam."
         required: true
         default: "dra"
       version:
@@ -37,7 +37,7 @@ jobs:
     with:
       use_modules_from_terraform_registry: true
       explicit_ref: master
-      deployment_type: "dra"
+      deployment_type: ${{ github.event.inputs.deployment_type }}
       product_full_version: ${{ github.event.inputs.version }}
     secrets:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -206,15 +206,15 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
 
-  test_apply:
-    needs: release
-    uses: ./.github/workflows/sonar_poc_cli.yml
-    with:
-      use_modules_from_terraform_registry: true
-      explicit_ref: master
-    secrets:
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-      ALLOWED_SSH_CIDRS: ${{secrets.ALLOWED_SSH_CIDRS }}
-      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
+#  test_apply:
+#    needs: release
+#    uses: ./.github/workflows/sonar_poc_cli.yml
+#    with:
+#      use_modules_from_terraform_registry: true
+#      explicit_ref: master
+#    secrets:
+#      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+#      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+#      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+#      ALLOWED_SSH_CIDRS: ${{secrets.ALLOWED_SSH_CIDRS }}
+#      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
diff --git a/README.md b/README.md
@@ -595,6 +595,16 @@ The following table lists the _latest_ DSF Kit releases, their release date and
       <br/>2. Added internal support for DRA version 15.0. Set the variable ‘dra_version’ to 15.0 to use it.
     </td>
   </tr>
+  <tr>
+    <td>15 Jul 2025
+    </td>
+    <td>1.7.31
+    </td>
+    <td>
+      1. Added support for CipherTrust in AWS.
+      <br/>2. Updated the AWS POC dsf_deployment example.
+    </td>
+  </tr>
 
 </table>