VMware vSphere SDKs and Tools 8.0

8.0 7.0 6.7 6.5

Configure
vSphere Trust Authority
 Components
Last Updated December 16, 2024

You can use
HTTP requests
 to perform Key Provider Service and Attestation Service management operations.
  • Verify that you have access to a working
    vSphere Trust Authority
     environment.
  • Verify that you have Trusted Infrastructure administrative privileges.
You can register, list, remove, and retrieve details about Key Provider Service and Attestation Service instances.
Some operations require you to specify parameters in the body of the HTTP request according to your
vSphere Trust Authority
 environment. For details about the syntax of each HTTP request body, see the
API Reference
 documentation.
  1. Register a Key Provider Service instance in a Workload
    vCenter Server
    .
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/kms/services
    The Key Provider Service instance is propagated to all Workload
    ESXi
     hosts that the Workload
    vCenter Server
     manages.
  2. Register an Attestation Service instance in a Workload
    vCenter Server
    .
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/attestation/services
    The Attestation Service instance is propagated to all Workload
    ESXi
     hosts that the Workload
    vCenter Server
     manages.
  3. List Key Provider Service instances registered in a Workload
    vCenter Server
     by using filters.
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/kms/services?action=query
    You receive the results that match your criteria in the response body. You can use the filtered list to retrieve the health status of the Key Provider Service instances.
  4. List Attestation Service instances registered in a Workload
    vCenter Server
     by using filters.
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/attestation/services?action=query
    You receive the results that match your criteria in the response body. You can use the filtered list to retrieve the health status of the Attestation Service instances.
  5. Remove a registered Key Provider Service instance.
    DELETE https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/kms/services/<service>
    The Workload
    ESXi
     hosts can no longer retrieve keys by using that Key Provider Service instance.
  6. Remove a registered Attestation Service instance.
    DELETE https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/attestation/services/<service>
    The Workload
    ESXi
     hosts can no longer attest that their configuration is secure by using that Attestation Service instance.
  7. Retrieve detailed information, including the certificates, for a registered Key Provider Service instance.
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/kms/services/<service>
    You receive the details in the response body. You can use the retrieved information to verify the Key Provider Service instance.
  8. Retrieve detailed information, including the certificates, for a registered Attestation Service instance.
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/attestation/services/<service>
    You receive the details in the response body. You can use the retrieved information to verify the Attestation Service instance.

Content feedback and comments