Configure vSphere Trust Authority Components for Trusted Clusters

You can use the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms and com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation packages to manage Key Provider Service and Attestation Service instances that a Trusted Cluster is configured to use.
  • Verify that you have access to a working vSphere Trust Authority environment.
  • Verify that you have Trusted Infrastructure administrative privileges.
You can configure, list, remove, and retrieve details about Key Provider Service and Attestation Service instances.
  1. Configure a cluster in a Workload vCenter Server to use a registered Key Provider Service instance by calling the create_Task(java.lang.String cluster, ServicesTypes.CreateSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.
    If the operation is successful, the Key Provider Service instance is propagated to all Trusted ESXi hosts in the cluster.
  2. Configure a cluster in a Workload vCenter Server to use a registered Attestation Service instance by calling the create_Task(java.lang.String cluster, ServicesTypes.CreateSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.
    If the operation is successful, the Attestation Service instance is propagated to all Trusted ESXi hosts in the cluster.
  3. List Key Provider Service instances used by a cluster by using filters by calling the list(java.lang.String cluster, ServicesTypes.FilterSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
  4. List Attestation Service instances used by a cluster by using filters by calling the list(java.lang.String cluster, ServicesTypes.FilterSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
  5. Remove a Key Provider Service instance from the configuration of a Trusted Cluster by calling the delete_Task(java.lang.String cluster, java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
    If the operation is successful, the Trusted ESXi hosts can no longer retrieve keys by using that Key Provider Service instance.
  6. Remove a registered Attestation Service instance from the configuration of a Trusted Cluster by calling the delete_Task(java.lang.String cluster, java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
    If the operation is successful, the Trusted ESXi hosts can no longer attest that their configuration is secure by using that Attestation Service instance.
  7. Retrieve detailed information, including the certificates, for a configured Key Provider Service instance used by a Trusted Cluster by calling the get(java.lang.String cluster, java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
  8. Retrieve detailed information, including the certificates, for a registered Attestation Service instance used by a Trusted Cluster by calling the get(java.lang.String cluster, java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.