Share via


az attestation signer

Note

This reference is part of the attestation extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az attestation signer command. Learn more about extensions.

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage signers.

Commands

Name Description Type Status
az attestation signer add

Adds a new attestation policy certificate to the set of policy management certificates.

Extension Experimental
az attestation signer list

Retrieves the set of certificates used to express policy for the current tenant.

Extension Experimental
az attestation signer remove

Removes the specified policy management certificate.

Extension Experimental

az attestation signer add

Experimental

Command group 'attestation signer' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Adds a new attestation policy certificate to the set of policy management certificates.

az attestation signer add [--id]
                          [--name]
                          [--resource-group]
                          [--signer]
                          [--signer-file]

Examples

Adds a new attestation policy certificate to the set of policy management certificates.

az attestation signer add -n "myattestationprovider" -g "MyResourceGroup" --signer "eyAiYWxnIjoiUlMyNTYiLCAie..."

Optional Parameters

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--signer

The policy certificate to add. An RFC7519 JSON Web Token containing a claim named "maa-policyCertificate" whose value is an RFC7517 JSON Web Key which specifies a new key to update. The RFC7519 JWT must be signed with one of the existing signing certificates.

--signer-file -f

File name of the signer. (--signer and --signer-file/-f are mutually exclusive.).

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation signer list

Experimental

Command group 'attestation signer' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Retrieves the set of certificates used to express policy for the current tenant.

az attestation signer list [--id]
                           [--name]
                           [--resource-group]

Examples

Retrieves the set of certificates used to express policy for the current tenant.

az attestation signer list -n "myattestationprovider" -g "MyResourceGroup"

Optional Parameters

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation signer remove

Experimental

Command group 'attestation signer' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Removes the specified policy management certificate.

az attestation signer remove [--id]
                             [--name]
                             [--resource-group]
                             [--signer]
                             [--signer-file]

Examples

Removes the specified policy management certificate.

az attestation signer remove -n "myattestationprovider" -g "MyResourceGroup" --signer "eyAiYWxnIjoiUlMyNTYiLCAie..."

Optional Parameters

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--signer

The policy certificate to remove. An RFC7519 JSON Web Token containing a claim named "maa-policyCertificate" whose value is an RFC7517 JSON Web Key which specifies a new key to update. The RFC7519 JWT must be signed with one of the existing signing certificates.

--signer-file -f

File name of the signer. (--signer and --signer-file/-f are mutually exclusive.).

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.