Configure vSphere Trust Authority Components for Trusted Clusters
You can use the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms and com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation packages to manage Key Provider Service and Attestation Service instances that a Trusted Cluster is configured to use.
- Verify that you have access to a working vSphere Trust Authority environment.
- Verify that you have Trusted Infrastructure administrative privileges.
You can configure, list, remove, and retrieve
details about Key Provider Service and Attestation Service instances.
- Configure a cluster in a Workload vCenter Server to use a registered Key Provider Service instance by calling the create_Task(java.lang.String cluster, ServicesTypes.CreateSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package. You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request. If the operation is successful, the Key Provider Service instance is propagated to all Trusted ESXi hosts in the cluster.
- Configure a cluster in a Workload vCenter Server to use a registered Attestation Service instance by calling the create_Task(java.lang.String cluster, ServicesTypes.CreateSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package. You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request. If the operation is successful, the Attestation Service instance is propagated to all Trusted ESXi hosts in the cluster.
- List Key Provider Service instances used by a cluster by using filters by calling the list(java.lang.String cluster, ServicesTypes.FilterSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
- List Attestation Service instances used by a cluster by using filters by calling the list(java.lang.String cluster, ServicesTypes.FilterSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
- Remove a Key Provider Service instance from the configuration of a Trusted Cluster by calling the delete_Task(java.lang.String cluster, java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package. If the operation is successful, the Trusted ESXi hosts can no longer retrieve keys by using that Key Provider Service instance.
- Remove a registered Attestation Service instance from the configuration of a Trusted Cluster by calling the delete_Task(java.lang.String cluster, java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package. If the operation is successful, the Trusted ESXi hosts can no longer attest that their configuration is secure by using that Attestation Service instance.
- Retrieve detailed information, including the certificates, for a configured Key Provider Service instance used by a Trusted Cluster by calling the get(java.lang.String cluster, java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms package.
- Retrieve detailed information, including the certificates, for a registered Attestation Service instance used by a Trusted Cluster by calling the get(java.lang.String cluster, java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation package.
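A pre-change check built on the list and remove operations above, as an added example that is not VMware's code: it compares the instances a cluster reports against an approved baseline and flags a removal that would leave the hosts with no remaining instance. The record fields (service, hostname, port, trust_authority_cluster), the function names, and all sample values are assumptions constructed for illustration, not the SDK's types.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    """One entry of a list result (assumed field names, constructed values)."""
    service: str                  # ID passed to get / delete_Task
    hostname: str
    port: int
    trust_authority_cluster: str

    @property
    def endpoint(self):
        return (self.hostname.lower(), self.port, self.trust_authority_cluster)


def audit(listed, approved):
    """Return (unexpected service IDs, approved endpoints not configured)."""
    seen = {i.endpoint for i in listed}
    unexpected = sorted(i.service for i in listed if i.endpoint not in approved)
    return unexpected, sorted(approved - seen)


def removal_is_safe(listed, service_id):
    """True if at least one other instance remains after removing service_id.

    With none left, the hosts have no Key Provider Service instance to
    retrieve keys from (or no Attestation Service instance to attest with).
    """
    if all(i.service != service_id for i in listed):
        raise KeyError(f"{service_id} is not configured on this cluster")
    return any(i.service != service_id for i in listed)


# Constructed sample data standing in for list() results of one cluster.
KMS_LISTED = [
    Instance("kms-1", "ta-esx01.example.test", 443, "ta-cluster"),
    Instance("kms-2", "TA-ESX02.example.test", 443, "ta-cluster"),
    Instance("kms-3", "unknown-host.example.test", 443, "other-cluster"),
]
ATTEST_LISTED = [Instance("att-1", "ta-esx01.example.test", 443, "ta-cluster")]
# Constructed baseline; one set is reused for both service kinds for brevity.
APPROVED = {
    ("ta-esx01.example.test", 443, "ta-cluster"),
    ("ta-esx02.example.test", 443, "ta-cluster"),
}

if __name__ == "__main__":
    print("kms:", audit(KMS_LISTED, APPROVED))
    print("removing att-1 safe:", removal_is_safe(ATTEST_LISTED, "att-1"))
```

Run the audit before and after any configure or remove task so that an instance pointing at an unapproved Trust Authority cluster is caught as configuration drift.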