You can use HTTP requests to manage trusted instances of ESXi software on a cluster level.

You can import, list, remove, and retrieve details about ESXi base images. Some operations require you to specify parameters in the body of the HTTP request according to your vSphere Trust Authority environment. For details about the syntax of each HTTP request body, see the API Reference documentation.

Prerequisites

  • Verify that you have access to a working vSphere Trust Authority environment.
  • Verify that you have Trusted Infrastructure administrative privileges.

Procedure

  1. Import ESXi metadata as a new trusted base image to each host in a vSphere Trust Authority Cluster. 
    POST https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/attestation/os/esx/base-images?action=import-from-imgdb&vmw-task=true

"YmluYXJ5"

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  2. Retrieve a list of trusted ESXi base images in a vSphere Trust Authority Cluster. 
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/attestation/os/esx/base-images?version=<value-1>&version=<value-2>&display_name=<value-1>&display_name=<value-2>&health=<value-1>&health=<value-2>&vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  3. Remove an ESXi base image that should no longer be trusted from a vSphere Trust Authority Cluster. 
    DELETE https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/attestation/os/esx/base-images/<version>?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>
  4. Retrieve details about a trusted ESXi base image version in a vSphere Trust Authority Cluster. 
    GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/trusted-infrastructure/trust-authority-clusters/<cluster>/attestation/os/esx/base-images/<version>?vmw-task=true

    You receive the task ID in the response body. You can use the task ID to check the status of the task by running the following HTTP request.

    GET https://<vcenter_ip_address_or_fqdn>/api/cis/tasks/<task_ID>