Bicep resource definition
The attestationProviders resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Attestation/attestationProviders resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Attestation/attestationProviders@2020-10-01' = {
  location: 'string'
  name: 'string'
  properties: {
    policySigningCertificates: {
      keys: [
        {
          alg: 'string'
          crv: 'string'
          d: 'string'
          dp: 'string'
          dq: 'string'
          e: 'string'
          k: 'string'
          kid: 'string'
          kty: 'string'
          n: 'string'
          p: 'string'
          q: 'string'
          qi: 'string'
          use: 'string'
          x: 'string'
          x5c: [
            'string'
          ]
          y: 'string'
        }
      ]
    }
  }
  tags: {
    {customized property}: 'string'
  }
}
```
Property Values
Microsoft.Attestation/attestationProviders
Name | Description | Value |
---|---|---|
location | The supported Azure location where the attestation provider should be created. | string (required) |
name | The resource name | string (required) |
properties | Properties of the attestation provider | AttestationServiceCreationSpecificParamsOrStatusResult (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
AttestationServiceCreationParamsTags
Name | Description | Value |
---|---|---|
AttestationServiceCreationSpecificParamsOrStatusResult
Name | Description | Value |
---|---|---|
policySigningCertificates | JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations | JsonWebKeySet |
JsonWebKey
Name | Description | Value |
---|---|---|
alg | The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision-Resistant Name. | string |
crv | The "crv" (curve) parameter identifies the curve type | string |
d | RSA private exponent or ECC private key | string |
dp | RSA Private Key Parameter | string |
dq | RSA Private Key Parameter | string |
e | RSA public exponent, in Base64 | string |
k | Symmetric key | string |
kid | The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. | string |
kty | The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision-Resistant Name. The "kty" value is a case-sensitive string. | string (required) |
n | RSA modulus, in Base64 | string |
p | RSA secret prime | string |
q | RSA secret prime, with p < q | string |
qi | RSA Private Key Parameter | string |
use | Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption). | string |
x | X coordinate for the Elliptic Curve point | string |
x5c | The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | string[] |
y | Y coordinate for the Elliptic Curve point | string |
JsonWebKeySet
Name | Description | Value |
---|---|---|
keys | The value of the "keys" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | JsonWebKey[] |
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
Bicep File | Description |
---|---|
Create a Attestation provider | This template creates an Attestation provider that can be used to attest the quotes from various enclaves and provide a token for third-party application |
ARM template resource definition
The attestationProviders resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Attestation/attestationProviders resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Attestation/attestationProviders",
  "apiVersion": "2020-10-01",
  "name": "string",
  "location": "string",
  "properties": {
    "policySigningCertificates": {
      "keys": [
        {
          "alg": "string",
          "crv": "string",
          "d": "string",
          "dp": "string",
          "dq": "string",
          "e": "string",
          "k": "string",
          "kid": "string",
          "kty": "string",
          "n": "string",
          "p": "string",
          "q": "string",
          "qi": "string",
          "use": "string",
          "x": "string",
          "x5c": [ "string" ],
          "y": "string"
        }
      ]
    }
  },
  "tags": {
    "{customized property}": "string"
  }
}
```
Property Values
Microsoft.Attestation/attestationProviders
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2020-10-01' |
location | The supported Azure location where the attestation provider should be created. | string (required) |
name | The resource name | string (required) |
properties | Properties of the attestation provider | AttestationServiceCreationSpecificParamsOrStatusResult (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Attestation/attestationProviders' |
AttestationServiceCreationParamsTags
Name | Description | Value |
---|---|---|
AttestationServiceCreationSpecificParamsOrStatusResult
Name | Description | Value |
---|---|---|
policySigningCertificates | JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations | JsonWebKeySet |
JsonWebKey
Name | Description | Value |
---|---|---|
alg | The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision-Resistant Name. | string |
crv | The "crv" (curve) parameter identifies the curve type | string |
d | RSA private exponent or ECC private key | string |
dp | RSA Private Key Parameter | string |
dq | RSA Private Key Parameter | string |
e | RSA public exponent, in Base64 | string |
k | Symmetric key | string |
kid | The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. | string |
kty | The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision-Resistant Name. The "kty" value is a case-sensitive string. | string (required) |
n | RSA modulus, in Base64 | string |
p | RSA secret prime | string |
q | RSA secret prime, with p < q | string |
qi | RSA Private Key Parameter | string |
use | Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption). | string |
x | X coordinate for the Elliptic Curve point | string |
x5c | The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | string[] |
y | Y coordinate for the Elliptic Curve point | string |
JsonWebKeySet
Name | Description | Value |
---|---|---|
keys | The value of the "keys" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | JsonWebKey[] |
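The JsonWebKey schema accepts private parameters (d, dp, dq, p, q, qi, k) alongside x5c, so a template can carry key material into source control and deployment history. The following pre-deployment lint for ARM template JSON is an added example, not Microsoft's code; the names lint_jwk, lint_template and SAMPLE are hypothetical, treating private parameters as a finding is an assumption about what a policy signing certificate set needs, and the DER test is a leading-byte heuristic rather than certificate parsing.

```python
import base64

RESOURCE_TYPE = "Microsoft.Attestation/attestationProviders"
PRIVATE_PARAMS = ("d", "dp", "dq", "p", "q", "qi", "k")  # private/secret per the tables

def lint_jwk(jwk, where):
    """Return findings for one JsonWebKey object."""
    findings = []
    if not jwk.get("kty"):
        findings.append(f"{where}: 'kty' is required")
    leaked = [p for p in PRIVATE_PARAMS if p in jwk]
    if leaked:
        findings.append(f"{where}: private key material present: {', '.join(leaked)}")
    for i, cert in enumerate(jwk.get("x5c", [])):
        try:
            der = base64.b64decode(cert, validate=True)  # rejects base64url '-' and '_'
        except (ValueError, TypeError):  # binascii.Error is a ValueError
            findings.append(f"{where}: x5c[{i}] is not standard base64")
            continue
        if not der.startswith(b"\x30"):  # heuristic: DER certificate is an ASN.1 SEQUENCE
            findings.append(f"{where}: x5c[{i}] does not decode to DER")
    return findings

def lint_template(template):
    """Lint every attestation provider resource in an ARM template dict."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != RESOURCE_TYPE:
            continue
        jwks = res.get("properties", {}).get("policySigningCertificates", {})
        seen = set()
        for n, jwk in enumerate(jwks.get("keys", [])):
            where = f"{res.get('name')}.keys[{n}]"
            findings += lint_jwk(jwk, where)
            kid = jwk.get("kid")
            if kid and kid in seen:  # the table says keys SHOULD use distinct kid values
                findings.append(f"{where}: duplicate kid '{kid}'")
            seen.add(kid)
    return findings

# Constructed sample: placeholder bytes stand in for a certificate, values are not real.
GOOD_X5C = base64.b64encode(b"\x30\x82\x01\x0a" + bytes(266)).decode()
SAMPLE = {"resources": [{"type": RESOURCE_TYPE, "name": "demo", "properties": {
    "policySigningCertificates": {"keys": [
        {"kty": "RSA", "kid": "k1", "x5c": [GOOD_X5C]},
        {"kty": "RSA", "kid": "k1", "d": "AAAA", "x5c": ["MII-_w=="]},
        {"x5c": [base64.b64encode(b"not a cert").decode()]}]}}}]}
print("\n".join(lint_template(SAMPLE)))
```

A Bicep file can be checked the same way after compiling it to ARM JSON.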
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
Template | Description |
---|---|
Create a Attestation provider | This template creates an Attestation provider that can be used to attest the quotes from various enclaves and provide a token for third-party application |
Terraform (AzAPI provider) resource definition
The attestationProviders resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Attestation/attestationProviders resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Attestation/attestationProviders@2020-10-01"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      policySigningCertificates = {
        keys = [
          {
            alg = "string"
            crv = "string"
            d = "string"
            dp = "string"
            dq = "string"
            e = "string"
            k = "string"
            kid = "string"
            kty = "string"
            n = "string"
            p = "string"
            q = "string"
            qi = "string"
            use = "string"
            x = "string"
            x5c = [
              "string"
            ]
            y = "string"
          }
        ]
      }
    }
  }
}
```
Property Values
Microsoft.Attestation/attestationProviders
Name | Description | Value |
---|---|---|
location | The supported Azure location where the attestation provider should be created. | string (required) |
name | The resource name | string (required) |
properties | Properties of the attestation provider | AttestationServiceCreationSpecificParamsOrStatusResult (required) |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Attestation/attestationProviders@2020-10-01" |
AttestationServiceCreationParamsTags
Name | Description | Value |
---|---|---|
AttestationServiceCreationSpecificParamsOrStatusResult
Name | Description | Value |
---|---|---|
policySigningCertificates | JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations | JsonWebKeySet |
JsonWebKey
Name | Description | Value |
---|---|---|
alg | The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision-Resistant Name. | string |
crv | The "crv" (curve) parameter identifies the curve type | string |
d | RSA private exponent or ECC private key | string |
dp | RSA Private Key Parameter | string |
dq | RSA Private Key Parameter | string |
e | RSA public exponent, in Base64 | string |
k | Symmetric key | string |
kid | The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. | string |
kty | The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision-Resistant Name. The "kty" value is a case-sensitive string. | string (required) |
n | RSA modulus, in Base64 | string |
p | RSA secret prime | string |
q | RSA secret prime, with p < q | string |
qi | RSA Private Key Parameter | string |
use | Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption). | string |
x | X coordinate for the Elliptic Curve point | string |
x5c | The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | string[] |
y | Y coordinate for the Elliptic Curve point | string |
JsonWebKeySet
Name | Description | Value |
---|---|---|
keys | The value of the "keys" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | JsonWebKey[] |