Microsoft.Attestation attestationProviders 2020-10-01
Bicep resource definition
The attestationProviders resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Attestation/attestationProviders resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Attestation/attestationProviders@2020-10-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  properties: {
    policySigningCertificates: {
      keys: [
        {
          alg: 'string'
          crv: 'string'
          d: 'string'
          dp: 'string'
          dq: 'string'
          e: 'string'
          k: 'string'
          kid: 'string'
          kty: 'string'
          n: 'string'
          p: 'string'
          q: 'string'
          qi: 'string'
          use: 'string'
          x: 'string'
          x5c: [
            'string'
          ]
          y: 'string'
        }
      ]
    }
  }
}
```
Property values
attestationProviders
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
location | The supported Azure location where the attestation provider should be created. | string (required) |
tags | The tags that will be assigned to the attestation provider. | Dictionary of tag names and values. See Tags in templates |
properties | Properties of the attestation provider | AttestationServiceCreationSpecificParamsOrStatusResu... (required) |
AttestationServiceCreationSpecificParamsOrStatusResu...
Name | Description | Value |
---|---|---|
policySigningCertificates | JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations | JsonWebKeySet |
JsonWebKeySet
Name | Description | Value |
---|---|---|
keys | The value of the "keys" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | JsonWebKey[] |
JsonWebKey
Name | Description | Value |
---|---|---|
alg | The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision-Resistant Name. | string |
crv | The "crv" (curve) parameter identifies the curve type | string |
d | RSA private exponent or ECC private key | string |
dp | RSA Private Key Parameter | string |
dq | RSA Private Key Parameter | string |
e | RSA public exponent, in Base64 | string |
k | Symmetric key | string |
kid | The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. | string |
kty | The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision-Resistant Name. The "kty" value is a case-sensitive string. | string (required) |
n | RSA modulus, in Base64 | string |
p | RSA secret prime | string |
q | RSA secret prime, with p < q | string |
qi | RSA Private Key Parameter | string |
use | Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption). | string |
x | X coordinate for the Elliptic Curve point | string |
x5c | The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | string[] |
y | Y coordinate for the Elliptic Curve point | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create a Attestation provider | This template creates an Attestation provider that can be used to attest the quotes from various enclaves and provide a token for third-party applications |
ARM template resource definition
The attestationProviders resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Attestation/attestationProviders resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Attestation/attestationProviders",
  "apiVersion": "2020-10-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "properties": {
    "policySigningCertificates": {
      "keys": [
        {
          "alg": "string",
          "crv": "string",
          "d": "string",
          "dp": "string",
          "dq": "string",
          "e": "string",
          "k": "string",
          "kid": "string",
          "kty": "string",
          "n": "string",
          "p": "string",
          "q": "string",
          "qi": "string",
          "use": "string",
          "x": "string",
          "x5c": [ "string" ],
          "y": "string"
        }
      ]
    }
  }
}
```
Property values
attestationProviders
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Attestation/attestationProviders' |
apiVersion | The resource api version | '2020-10-01' |
name | The resource name | string (required) |
location | The supported Azure location where the attestation provider should be created. | string (required) |
tags | The tags that will be assigned to the attestation provider. | Dictionary of tag names and values. See Tags in templates |
properties | Properties of the attestation provider | AttestationServiceCreationSpecificParamsOrStatusResu... (required) |
AttestationServiceCreationSpecificParamsOrStatusResu...
Name | Description | Value |
---|---|---|
policySigningCertificates | JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations | JsonWebKeySet |
JsonWebKeySet
Name | Description | Value |
---|---|---|
keys | The value of the "keys" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | JsonWebKey[] |
JsonWebKey
Name | Description | Value |
---|---|---|
alg | The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision-Resistant Name. | string |
crv | The "crv" (curve) parameter identifies the curve type | string |
d | RSA private exponent or ECC private key | string |
dp | RSA Private Key Parameter | string |
dq | RSA Private Key Parameter | string |
e | RSA public exponent, in Base64 | string |
k | Symmetric key | string |
kid | The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. | string |
kty | The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision-Resistant Name. The "kty" value is a case-sensitive string. | string (required) |
n | RSA modulus, in Base64 | string |
p | RSA secret prime | string |
q | RSA secret prime, with p < q | string |
qi | RSA Private Key Parameter | string |
use | Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption). | string |
x | X coordinate for the Elliptic Curve point | string |
x5c | The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | string[] |
y | Y coordinate for the Elliptic Curve point | string |
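An added example, not Microsoft's code: a pre-deployment check over an ARM template that flags `policySigningCertificates` keys carrying the private or symmetric members listed in the JsonWebKey table (`d`, `dp`, `dq`, `p`, `q`, `qi`, `k`), a missing required `kty`, or `x5c` strings that are base64url-encoded or do not decode to DER. The sample template, the provider name, the location and the stand-in certificate bytes are constructed for illustration.

```python
import base64
import binascii

RESOURCE_TYPE = "Microsoft.Attestation/attestationProviders"
# JsonWebKey members that the table above describes as private or symmetric key material.
PRIVATE_MEMBERS = {"d", "dp", "dq", "p", "q", "qi", "k"}

def check_x5c_entry(value):
    """Return an error string, or None when value is standard-base64 DER."""
    if "-" in value or "_" in value:
        return "base64url characters found; x5c requires RFC 4648 section 4 base64"
    try:
        der = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "not valid base64"
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    return None if der.startswith(b"\x30") else "does not decode to a DER SEQUENCE"

def lint_template(template):
    """Return findings for every attestationProviders resource in an ARM template."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != RESOURCE_TYPE:
            continue
        jwks = res.get("properties", {}).get("policySigningCertificates", {})
        for i, key in enumerate(jwks.get("keys", [])):
            where = f"{res.get('name')}: keys[{i}]"
            if not key.get("kty"):
                findings.append(f"{where}: missing required 'kty'")
            leaked = sorted(PRIVATE_MEMBERS.intersection(key))
            if leaked:
                findings.append(f"{where}: private key members present: {leaked}")
            for j, cert in enumerate(key.get("x5c", [])):
                err = check_x5c_entry(cert)
                if err:
                    findings.append(f"{where}: x5c[{j}]: {err}")
    return findings

# Constructed sample: a 5-byte DER SEQUENCE stands in for a certificate (not a real one).
SAMPLE_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE_TEMPLATE = {"resources": [{
    "type": RESOURCE_TYPE, "apiVersion": "2020-10-01", "name": "exampleprovider",
    "location": "eastus",
    "properties": {"policySigningCertificates": {"keys": [
        {"kty": "RSA", "x5c": [SAMPLE_CERT]},                # public chain only
        {"kty": "RSA", "d": "AAAA", "x5c": [SAMPLE_CERT]},   # private exponent leaked
    ]}}}]}

if __name__ == "__main__":
    for finding in lint_template(SAMPLE_TEMPLATE):
        print(finding)
```

The DER check only inspects the leading SEQUENCE tag; it does not parse or validate the certificate itself.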
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create a Attestation provider | This template creates an Attestation provider that can be used to attest the quotes from various enclaves and provide a token for third-party applications |
Terraform (AzAPI provider) resource definition
The attestationProviders resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Attestation/attestationProviders resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type      = "Microsoft.Attestation/attestationProviders@2020-10-01"
  name      = "string"
  location  = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      policySigningCertificates = {
        keys = [
          {
            alg = "string"
            crv = "string"
            d   = "string"
            dp  = "string"
            dq  = "string"
            e   = "string"
            k   = "string"
            kid = "string"
            kty = "string"
            n   = "string"
            p   = "string"
            q   = "string"
            qi  = "string"
            use = "string"
            x   = "string"
            x5c = [
              "string"
            ]
            y = "string"
          }
        ]
      }
    }
  })
}
```
Property values
attestationProviders
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Attestation/attestationProviders@2020-10-01" |
name | The resource name | string (required) |
location | The supported Azure location where the attestation provider should be created. | string (required) |
parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
tags | The tags that will be assigned to the attestation provider. | Dictionary of tag names and values. |
properties | Properties of the attestation provider | AttestationServiceCreationSpecificParamsOrStatusResu... (required) |
AttestationServiceCreationSpecificParamsOrStatusResu...
Name | Description | Value |
---|---|---|
policySigningCertificates | JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations | JsonWebKeySet |
JsonWebKeySet
Name | Description | Value |
---|---|---|
keys | The value of the "keys" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | JsonWebKey[] |
JsonWebKey
Name | Description | Value |
---|---|---|
alg | The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision-Resistant Name. | string |
crv | The "crv" (curve) parameter identifies the curve type | string |
d | RSA private exponent or ECC private key | string |
dp | RSA Private Key Parameter | string |
dq | RSA Private Key Parameter | string |
e | RSA public exponent, in Base64 | string |
k | Symmetric key | string |
kid | The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. | string |
kty | The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision-Resistant Name. The "kty" value is a case-sensitive string. | string (required) |
n | RSA modulus, in Base64 | string |
p | RSA secret prime | string |
q | RSA secret prime, with p < q | string |
qi | RSA Private Key Parameter | string |
use | Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption). | string |
x | X coordinate for the Elliptic Curve point | string |
x5c | The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | string[] |
y | Y coordinate for the Elliptic Curve point | string |