You can use HTTP requests to perform Key Provider management operations.

You can list, add, update, and remove Key Providers, and retrieve details about a specific Key Provider. Some operations require you to specify parameters in the body of the HTTP request according to your vSphere Trust Authority environment. For details about the syntax of each HTTP request body, see the API Reference documentation.

Prerequisites

  • Verify that you have access to a working vSphere Trust Authority environment.
  • Verify that you have Trusted Infrastructure administrative privileges.

Procedure

  1. Retrieve a list of Key Providers to see which Key Providers the cluster is using.
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/kms/providers?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  2. Add a new Key Provider that all hosts in the cluster can use.
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/kms/providers?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  3. Retrieve information about a Key Provider to verify the configuration.
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/kms/providers/<provider>?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  4. Update an existing Key Provider to modify its connection details and primary key.
    PATCH https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/kms/providers/<provider>?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  5. Remove a Key Provider.
    DELETE https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/kms/providers/<provider>?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>

    If the operation completes successfully, the cluster can no longer use that Key Provider.
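
Every step above returns a task ID that must be polled before the change can be treated as applied. The following Python helper is an added example, not part of the original documentation: it builds the Key Provider URLs from the procedure and waits for a task to reach a final state. The `vmware-api-session-id` header name, the `status` and `error` field names, and the status values are assumptions about the vCenter API; check them against the API Reference.

```python
import json
import time
import urllib.request
from urllib.parse import quote


def _seg(value):
    """Percent-encode one path segment so an ID cannot add '/' or '?' to the URL."""
    return quote(value, safe=":")


def provider_url(host, cluster, provider=None):
    """Build the Key Provider URL shown in the procedure."""
    url = (f"https://{host}/api/vcenter/trusted-infrastructure/"
           f"trust-authority-clusters/{_seg(cluster)}/kms/providers")
    if provider is not None:
        url += "/" + _seg(provider)
    return url + "?vmw-task=true"


def http_json(method, url, session_id, body=None):
    """Send one request (default TLS verification stays on) and decode the JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "vmware-api-session-id": session_id,  # assumed session header name
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def wait_for_task(host, task_id, fetch, timeout=300, interval=5, sleep=time.sleep):
    """Poll /api/cis/tasks/<task_ID>; return the task info only if it succeeded."""
    url = f"https://{host}/api/cis/tasks/{_seg(task_id)}"
    deadline = time.monotonic() + timeout
    while True:
        info = fetch("GET", url)
        status = info.get("status")  # assumed values: PENDING, RUNNING, BLOCKED, SUCCEEDED, FAILED
        if status == "SUCCEEDED":
            return info
        if status == "FAILED":
            raise RuntimeError(f"task {task_id} failed: {info.get('error')}")
        if time.monotonic() >= deadline:
            raise TimeoutError(f"task {task_id} still {status} after {timeout}s")
        sleep(interval)
```

Pass `wait_for_task` a `fetch` callable such as `lambda m, u: http_json(m, u, session_id)`, so the session token stays out of the polling logic and the poller can be exercised against a stub.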