Microsoft.Attestation attestationProviders 2020-10-01

Bicep resource definition

The attestationProviders resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Attestation/attestationProviders resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Attestation/attestationProviders@2020-10-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  properties: {
    policySigningCertificates: {
      keys: [
        {
          alg: 'string'
          crv: 'string'
          d: 'string'
          dp: 'string'
          dq: 'string'
          e: 'string'
          k: 'string'
          kid: 'string'
          kty: 'string'
          n: 'string'
          p: 'string'
          q: 'string'
          qi: 'string'
          use: 'string'
          x: 'string'
          x5c: [
            'string'
          ]
          y: 'string'
        }
      ]
    }
  }
}

Property values

attestationProviders

Name Description Value
name The resource name string (required)
location The supported Azure location where the attestation provider should be created. string (required)
tags The tags that will be assigned to the attestation provider. Dictionary of tag names and values. See Tags in templates
properties Properties of the attestation provider AttestationServiceCreationSpecificParamsOrStatusResu... (required)

AttestationServiceCreationSpecificParamsOrStatusResu...

Name Description Value
policySigningCertificates JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations JsonWebKeySet

JsonWebKeySet

Name Description Value
keys The value of the "keys" parameter is an array of JWK values. By
default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if
desired.
JsonWebKey[]

JsonWebKey

Name Description Value
alg The "alg" (algorithm) parameter identifies the algorithm intended for
use with the key. The values used should either be registered in the
IANA "JSON Web Signature and Encryption Algorithms" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name.
string
crv The "crv" (curve) parameter identifies the curve type string
d RSA private exponent or ECC private key string
dp RSA Private Key Parameter string
dq RSA Private Key Parameter string
e RSA public exponent, in Base64 string
k Symmetric key string
kid The "kid" (key ID) parameter is used to match a specific key. This
is used, for instance, to choose among a set of keys within a JWK Set
during key rollover. The structure of the "kid" value is
unspecified. When "kid" values are used within a JWK Set, different
keys within the JWK Set SHOULD use distinct "kid" values. (One
example in which different keys might use the same "kid" value is if
they have different "kty" (key type) values but are considered to be
equivalent alternatives by the application using them.) The "kid"
value is a case-sensitive string.
string
kty The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key, such as "RSA" or "EC". "kty" values should
either be registered in the IANA "JSON Web Key Types" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name. The "kty" value is a case-sensitive string.
string (required)
n RSA modulus, in Base64 string
p RSA secret prime string
q RSA secret prime, with p { q string
qi RSA Private Key Parameter string
use Use ("public key use") identifies the intended use of
the public key. The "use" parameter is employed to indicate whether
a public key is used for encrypting data or verifying the signature
on data. Values are commonly "sig" (signature) or "enc" (encryption).
string
x X coordinate for the Elliptic Curve point string
x5c The "x5c" (X.509 certificate chain) parameter contains a chain of one
or more PKIX certificates [RFC5280]. The certificate chain is
represented as a JSON array of certificate value strings. Each
string in the array is a base64-encoded (Section 4 of [RFC4648] --
not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
The PKIX certificate containing the key value MUST be the first
certificate.
string[]
y Y coordinate for the Elliptic Curve point string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a Attestation provider

Deploy to Azure
This template creates a Attestation provider that can be used to attest the quotes from various enclaves and provide a token for third party application

ARM template resource definition

The attestationProviders resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Attestation/attestationProviders resource, add the following JSON to your template.

{
  "type": "Microsoft.Attestation/attestationProviders",
  "apiVersion": "2020-10-01",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "properties": {
    "policySigningCertificates": {
      "keys": [
        {
          "alg": "string",
          "crv": "string",
          "d": "string",
          "dp": "string",
          "dq": "string",
          "e": "string",
          "k": "string",
          "kid": "string",
          "kty": "string",
          "n": "string",
          "p": "string",
          "q": "string",
          "qi": "string",
          "use": "string",
          "x": "string",
          "x5c": [ "string" ],
          "y": "string"
        }
      ]
    }
  }
}

Property values

attestationProviders

Name Description Value
type The resource type 'Microsoft.Attestation/attestationProviders'
apiVersion The resource api version '2020-10-01'
name The resource name string (required)
location The supported Azure location where the attestation provider should be created. string (required)
tags The tags that will be assigned to the attestation provider. Dictionary of tag names and values. See Tags in templates
properties Properties of the attestation provider AttestationServiceCreationSpecificParamsOrStatusResu... (required)

AttestationServiceCreationSpecificParamsOrStatusResu...

Name Description Value
policySigningCertificates JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations JsonWebKeySet

JsonWebKeySet

Name Description Value
keys The value of the "keys" parameter is an array of JWK values. By
default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if
desired.
JsonWebKey[]

JsonWebKey

Name Description Value
alg The "alg" (algorithm) parameter identifies the algorithm intended for
use with the key. The values used should either be registered in the
IANA "JSON Web Signature and Encryption Algorithms" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name.
string
crv The "crv" (curve) parameter identifies the curve type string
d RSA private exponent or ECC private key string
dp RSA Private Key Parameter string
dq RSA Private Key Parameter string
e RSA public exponent, in Base64 string
k Symmetric key string
kid The "kid" (key ID) parameter is used to match a specific key. This
is used, for instance, to choose among a set of keys within a JWK Set
during key rollover. The structure of the "kid" value is
unspecified. When "kid" values are used within a JWK Set, different
keys within the JWK Set SHOULD use distinct "kid" values. (One
example in which different keys might use the same "kid" value is if
they have different "kty" (key type) values but are considered to be
equivalent alternatives by the application using them.) The "kid"
value is a case-sensitive string.
string
kty The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key, such as "RSA" or "EC". "kty" values should
either be registered in the IANA "JSON Web Key Types" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name. The "kty" value is a case-sensitive string.
string (required)
n RSA modulus, in Base64 string
p RSA secret prime string
q RSA secret prime, with p { q string
qi RSA Private Key Parameter string
use Use ("public key use") identifies the intended use of
the public key. The "use" parameter is employed to indicate whether
a public key is used for encrypting data or verifying the signature
on data. Values are commonly "sig" (signature) or "enc" (encryption).
string
x X coordinate for the Elliptic Curve point string
x5c The "x5c" (X.509 certificate chain) parameter contains a chain of one
or more PKIX certificates [RFC5280]. The certificate chain is
represented as a JSON array of certificate value strings. Each
string in the array is a base64-encoded (Section 4 of [RFC4648] --
not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
The PKIX certificate containing the key value MUST be the first
certificate.
string[]
y Y coordinate for the Elliptic Curve point string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a Attestation provider

Deploy to Azure
This template creates a Attestation provider that can be used to attest the quotes from various enclaves and provide a token for third party application

Terraform (AzAPI provider) resource definition

The attestationProviders resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Attestation/attestationProviders resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Attestation/attestationProviders@2020-10-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      policySigningCertificates = {
        keys = [
          {
            alg = "string"
            crv = "string"
            d = "string"
            dp = "string"
            dq = "string"
            e = "string"
            k = "string"
            kid = "string"
            kty = "string"
            n = "string"
            p = "string"
            q = "string"
            qi = "string"
            use = "string"
            x = "string"
            x5c = [
              "string"
            ]
            y = "string"
          }
        ]
      }
    }
  })
}

Property values

attestationProviders

Name Description Value
type The resource type "Microsoft.Attestation/attestationProviders@2020-10-01"
name The resource name string (required)
location The supported Azure location where the attestation provider should be created. string (required)
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags The tags that will be assigned to the attestation provider. Dictionary of tag names and values.
properties Properties of the attestation provider AttestationServiceCreationSpecificParamsOrStatusResu... (required)

AttestationServiceCreationSpecificParamsOrStatusResu...

Name Description Value
policySigningCertificates JSON Web Key Set defining a set of X.509 Certificates that will represent the parent certificate for the signing certificate used for policy operations JsonWebKeySet

JsonWebKeySet

Name Description Value
keys The value of the "keys" parameter is an array of JWK values. By
default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if
desired.
JsonWebKey[]

JsonWebKey

Name Description Value
alg The "alg" (algorithm) parameter identifies the algorithm intended for
use with the key. The values used should either be registered in the
IANA "JSON Web Signature and Encryption Algorithms" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name.
string
crv The "crv" (curve) parameter identifies the curve type string
d RSA private exponent or ECC private key string
dp RSA Private Key Parameter string
dq RSA Private Key Parameter string
e RSA public exponent, in Base64 string
k Symmetric key string
kid The "kid" (key ID) parameter is used to match a specific key. This
is used, for instance, to choose among a set of keys within a JWK Set
during key rollover. The structure of the "kid" value is
unspecified. When "kid" values are used within a JWK Set, different
keys within the JWK Set SHOULD use distinct "kid" values. (One
example in which different keys might use the same "kid" value is if
they have different "kty" (key type) values but are considered to be
equivalent alternatives by the application using them.) The "kid"
value is a case-sensitive string.
string
kty The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key, such as "RSA" or "EC". "kty" values should
either be registered in the IANA "JSON Web Key Types" registry
established by [JWA] or be a value that contains a Collision-
Resistant Name. The "kty" value is a case-sensitive string.
string (required)
n RSA modulus, in Base64 string
p RSA secret prime string
q RSA secret prime, with p { q string
qi RSA Private Key Parameter string
use Use ("public key use") identifies the intended use of
the public key. The "use" parameter is employed to indicate whether
a public key is used for encrypting data or verifying the signature
on data. Values are commonly "sig" (signature) or "enc" (encryption).
string
x X coordinate for the Elliptic Curve point string
x5c The "x5c" (X.509 certificate chain) parameter contains a chain of one
or more PKIX certificates [RFC5280]. The certificate chain is
represented as a JSON array of certificate value strings. Each
string in the array is a base64-encoded (Section 4 of [RFC4648] --
not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
The PKIX certificate containing the key value MUST be the first
certificate.
string[]
y Y coordinate for the Elliptic Curve point string