az attestation policy
Note
This reference is part of the attestation extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az attestation policy command. Learn more about extensions.
Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Manage policies.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az attestation policy reset |
Resets the attestation policy for the specified tenant and reverts to the default policy. |
Extension | Experimental |
| az attestation policy set |
Sets the policy for a given kind of attestation type. |
Extension | Experimental |
| az attestation policy show |
Retrieves the current policy for a given kind of attestation type. |
Extension | Experimental |
az attestation policy reset
Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Resets the attestation policy for the specified tenant and reverts to the default policy.
az attestation policy reset --attestation-type {OpenEnclave, SevSnpVm, SgxEnclave, Tpm}
[--id]
[--name]
[--policy-jws]
[--resource-group]Examples
Resets the attestation policy for the specified tenant and reverts to the default policy.
az attestation policy reset -n "myattestationprovider" -g "MyResourceGroup" --attestation-type SGX-OpenEnclaveSDK --policy-jws "eyJhbGciOiJub25lIn0.."Required Parameters
Type of the attestation.
Optional Parameters
Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.
Name of the attestation provider.
JSON Web Signature with an empty policy document.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az attestation policy set
Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Sets the policy for a given kind of attestation type.
az attestation policy set --attestation-type {OpenEnclave, SevSnpVm, SgxEnclave, Tpm}
[--id]
[--name]
[--new-attestation-policy]
[--new-attestation-policy-file]
[--policy-format]
[--resource-group]Examples
Sets the policy for a given kind of attestation type using JWT content.
az attestation policy set -n "myattestationprovider" -g "MyResourceGroup" --attestation-type SGX-OpenEnclaveSDK --new-attestation-policy "{JWT}" --policy-format JWTSets the policy for a given kind of attestation type using Text content.
az attestation policy set -n "myattestationprovider" -g "MyResourceGroup" --attestation-type SGX-OpenEnclaveSDK --new-attestation-policy "{json_text}"Sets the policy for a given kind of attestation type using file name.
az attestation policy set -n "myattestationprovider" -g "MyResourceGroup" --attestation-type SGX-OpenEnclaveSDK --new-attestation-policy-file "{file_name}" --policy- format JWTRequired Parameters
Type of the attestation.
Optional Parameters
Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.
Name of the attestation provider.
Content of the new attestation policy (Text or JWT).
File name of the new attestation policy.
Specifies the format for the policy, either Text or JWT (JSON Web Token). Allowed values: JWT, Text.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az attestation policy show
Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Retrieves the current policy for a given kind of attestation type.
az attestation policy show --attestation-type {OpenEnclave, SevSnpVm, SgxEnclave, Tpm}
[--id]
[--name]
[--resource-group]Examples
Retrieves the current policy for a given kind of attestation type.
az attestation policy show -n "myattestationprovider" -g "MyResourceGroup" --attestation-type SGX-OpenEnclaveSDKRequired Parameters
Type of the attestation.
Optional Parameters
Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.
Name of the attestation provider.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
