REST API - create-task

vcenter trusted infrastructure trust authority clusters attestation tpm2 endorsement keys: create-task

Add a new TPM endorsement key on a cluster. This operation was added in vSphere API 7.0.0.

Request:

HTTP request

POST https://{server}/api/vcenter/trusted-infrastructure/trust-authority-clusters/{cluster}/attestation/tpm2/endorsement-keys

?vmw-task=true
{
    "public_key""string",
    "name""obj-103",
    "certificate""string"
}

Path Parameters

Name Type Description
Required
cluster string The id of the cluster on which the operation will be executed.

Body Parameters:

Name Type Description
bold = required
- create_spec The configuration.
-.name string A unique name for the TPM endorsement key.

The unique name should be something that an administrator can use to easily identify the remote system. For example, the hostname, or hardware UUID.

. This attribute was added in vSphere API 7.0.0.

When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey.

-.public_key string TPM public endorsement key in PEM format. This attribute was added in vSphere API 7.0.0.

Optional. If unset vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.endorsement_keys.create_spec.certificate must be set.

-.certificate string TPM endorsement key certificate in PEM format.

When a endorsement key certificate is provided, it will be verified against the CA certificate list. Endorsement key certificates that are not signed by one of the CA certificates will be rejected.

Using this format allows for failures to be caught during configuration rather than later during attestation.

. This attribute was added in vSphere API 7.0.0.

Optional. If unset vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.endorsement_keys.create_spec.public_key must be set.

Response:

HTTP Status Code: 202

Response Body Structure:

"obj-103"

Headers:

None

Type:

Name Type Description
bold = required
- string

Errors:

HTTP Status Code Type Description
400 already_exists if the endorsement key name exists.
500 error if there is a generic error.
400 invalid_argument if the configuration is invalid or cluster id is empty.
404 not_found if cluster doesn't match to any cluster in the vCenter.
401 unauthenticated if the caller is not authenticated.