VMware vSphere SDKs and Tools 8.0

8.0 7.0 6.7 6.5

Export and Import vSphere Native Key Provider Configuration

You can use
HTTP requests
 to export and import vSphere Native Key Provider configuration.
You can set a vSphere Native Key Provider as the default for a
vCenter Server
 instance by using the
SetDefaultKmsCluster
 method of the
CryptoManagerKmip
 managed object from the vSphere Мanagement SDK.
The operations require you to specify parameters in the body of the HTTP request according to your environment. For details about the syntax of each HTTP request body, see the
API Reference
 documentation.
  1. Export a vSphere Native Key Provider configuration
    by specifying the provider you want to export in the request body
    .
    You must export the vSphere Native Key Provider configuration at least once before you can use a vSphere Native Key Provider.
    1. Initiate the export by providing the name identifier of the key provider and a password to encrypt the export data in the request body.
      POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/crypto-manager/kms/providers?action=export
      The following request body contains example syntax.
      {
    "password": <
      your_password
      >,
    "provider": Test_Provider
}
      In the response body, you receive the URL of the exported configuration and an authentication token. The following response body contains example syntax.
      {
    "location": {
        "download_token": {
            "expiry": 2023-09-20T21:04:50.000Z,
            "token": eyJhbGciOiJIUzI1NjKXn21y01CM
        },
        "url": https://vc8.home/cryptomanager/kms/test
    },
    "type": LOCATION
}
    2. Send an HTTP request to the URL with the authentication token to fetch the exported PKCS12 data by providing the URL and token values received in the response body of the previous step.
      POST <
      url
      >
Authorization: Bearer <
      token
      >
      The following example HTTP request contains the values from the example response in the previous step.
      POST https://vc8.home/cryptomanager/kms/test
Authorization: Bearer eyJhbGciOiJIUzI1NjKXn21y01CM
  2. Import a vSphere Native Key Provider configuration
    by specifying the configuration you want to import in the request body
    .
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/crypto-manager/kms/providers?action=import
    The following request body contains example syntax.
    You must provide a Base64-encoded string that is a representation of the PKCS12 data exported in the previous step as the value of the
    config
     parameter. The other parameters are optional.
    {
    "config": <
    string
    >,
    "constraints": {
        "tpm_required": false
    },
    "dry_run": false,
    "password": <
    your_password
    >
}
    In the response body, you receive information about the imported provider and the time when that provider was exported.

Content feedback and comments