Scripting Object - VcCryptoManagerKmip

Scripting-object corresponding to CryptoManagerKmip

Scripting Object Description

Singleton Managed Object used to manage cryptographic keys.

Attributes

Name           Type                      Description
enabled        Boolean                   @since vSphere API 6.5
id             String                    @since Unknown
kmipServers    VcKmipClusterInfo []      @since vSphere API 6.5
moref          VcManagedObjectReference  Returns the ManagedObjectReference of this ManagedObject. @since Unknown
sdkConnection  VcSdkConnection           @since Unknown
sdkId          String                    @since Unknown
type           String                    Deprecated. Returns the name of this managed object's vim type. @since Unknown
vimHost        VcSdkConnection           @since Unknown
vimId          String                    @since Unknown
vimType        String                    @since Unknown

Methods

Methods defined in this Scripting Object
_getRef, addKey, addKeys, createTrigger, generateClientCsr, generateKey, generateSelfSignedClientCert, listKeys, listKmipServers, markDefault, registerKmipServer, removeKey, removeKeys, removeKmipServer, retrieveClientCert, retrieveClientCsr, retrieveKmipServerCert, retrieveKmipServersStatus_Task, retrieveSelfSignedClientCert, updateKmipServer, updateKmsSignedCsrClientCert, updateSelfSignedClientCert, uploadClientCert, uploadKmipServerCert

_getRef

@since Unknown

Parameters

Name Type Description
None

Return Value

Type Description
VcManagedObjectReference

retrieveKmipServersStatus_Task

Get the status of the KMIP servers. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKmipClusterInfo []


Return Value

Type Description
VcTask

addKeys

Add multiple existing keys. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcCryptoKeyPlain []


Return Value

Type Description
VcCryptoKeyResult []

removeKmipServer

Remove a KMIP server, even if in use. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId
arg1 String


Return Value

Type Description
None

removeKey

Remove a key (only the UUID is needed to remove). If "force" is set, removal will happen even if the key is in use. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcCryptoKeyId
arg1 Boolean


Return Value

Type Description
None

uploadClientCert

Set a client certificate with private key for the KMIP cluster. The certificate and private key can be assigned by a KMS server and the certificate might be already trusted by the KMS server. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId
arg1 String
arg2 String


Return Value

Type Description
None

updateKmipServer

Update a KMIP server. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKmipServerSpec


Return Value

Type Description
None

registerKmipServer

Register a KMIP server. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKmipServerSpec


Return Value

Type Description
None

listKeys

List keys.
* When executed against the host, lists all the keys added to the host's key cache by addKey/addKeys.
* When executed against the VC, lists all the keys used by the correctly registered VMs, and the host key.
@since vSphere API 6.5

Parameters

Name Type Description
arg0 Number


Return Value

Type Description
VcCryptoKeyId []

removeKeys

Remove multiple keys (only the UUID is needed to remove). If "force" is set, removal will happen even if they are in use. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcCryptoKeyId []
arg1 Boolean


Return Value

Type Description
VcCryptoKeyResult []

retrieveClientCert

Get the client certificate of the KMIP cluster. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId


Return Value

Type Description
String

retrieveSelfSignedClientCert

Get the generated self-signed client certificate. If generateSelfSignedClientCert was called previously, this returns the generated certificate; otherwise it returns an empty string. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId


Return Value

Type Description
String

createTrigger

@since Unknown

Parameters

Name Type Description
timeout Number
filter String
condition String
filterToSync String


Return Value

Type Description
Trigger

listKmipServers

List the registered KMIP servers. @since vSphere API 6.5

Parameters

Name Type Description
arg0 Number


Return Value

Type Description
VcKmipClusterInfo []

generateKey

Generate a new encryption key. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId


Return Value

Type Description
VcCryptoKeyResult

generateClientCsr

Generate a certificate signing request (CSR) together with its private key. The private key is not returned to the caller, for security protection. If this method is called again, the CSR and private key generated in the new invocation overwrite the old ones. After the KMS has signed the CSR into a certificate, the certificate should be installed by calling updateKmsSignedCsrClientCert. The generated CSR can be retrieved later by calling retrieveClientCsr. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId


Return Value

Type Description
String

retrieveKmipServerCert

Get the server certificate. In the case of error, an empty certificate string is returned. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId
arg1 VcKmipServerInfo


Return Value

Type Description
VcCryptoManagerKmipServerCertInfo

uploadKmipServerCert

Upload a server certificate. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId
arg1 String


Return Value

Type Description
None

markDefault

Set the default KMIP cluster. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId


Return Value

Type Description
None

updateSelfSignedClientCert

Set a self-signed certificate as the KMIP client certificate for the KMS cluster. This method should be called to install the certificate generated by calling generateSelfSignedClientCert. If generateSelfSignedClientCert is called more than once, the self-signed certificate that was generated last should be used; otherwise the certificate will be rejected, because the private key from the last call won't match the public key in the certificate. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId
arg1 String


Return Value

Type Description
None

updateKmsSignedCsrClientCert

Set a KMS-server-signed certificate as the KMIP client certificate for the KMS cluster. This method should be called to install the certificate that the KMS server signed from a CSR generated by calling generateClientCsr. If generateClientCsr is called more than once, the CSR that was generated last should be used; otherwise the certificate will be rejected, because the private key from the last call won't match the public key in the certificate. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId
arg1 String


Return Value

Type Description
None

generateSelfSignedClientCert

Generate a self-signed client certificate together with its private key. The private key is not returned to the caller, for security protection. If this method is called again, the certificate and private key generated in the new invocation overwrite the old ones. The generated certificate does not replace the current working certificate until updateSelfSignedClientCert is called. The generated self-signed certificate can be retrieved later by calling retrieveSelfSignedClientCert. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId


Return Value

Type Description
String

retrieveClientCsr

Get the generated client certificate signing request. If generateClientCsr was called previously, this returns the generated certificate signing request; otherwise it returns an empty string. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcKeyProviderId


Return Value

Type Description
String
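
The failure described under generateClientCsr and updateKmsSignedCsrClientCert (a second generateClientCsr call overwrites the private key that the signed certificate belongs to) can be caught before the upload by comparing the CSR that was sent for signing with what retrieveClientCsr returns now. This is an added example, not part of the plug-in documentation: installKmsSignedCert, normalizePem and the FakeCryptoManager stand-in are hypothetical names, the PEM values are constructed, and the check only detects a regenerated CSR (it does not parse the certificate).

```javascript
// Strip CRs and trailing whitespace so a PEM that passed through e-mail or a
// web form still compares equal to the stored copy.
function normalizePem(pem) {
  return String(pem || "").replace(/\r/g, "").replace(/[ \t]+$/gm, "").trim();
}

// cryptoManager: VcCryptoManagerKmip; providerId: VcKeyProviderId.
// csrSentToKms: the PEM the caller saved when it submitted the CSR for signing
// (assumption: the workflow keeps this copy). Returns { installed, reason }.
function installKmsSignedCert(cryptoManager, providerId, csrSentToKms, signedCertPem) {
  var current = normalizePem(cryptoManager.retrieveClientCsr(providerId));
  if (current === "") {
    return { installed: false, reason: "no CSR generated for this provider" };
  }
  if (current !== normalizePem(csrSentToKms)) {
    // generateClientCsr ran again: the stored private key was overwritten.
    return { installed: false, reason: "CSR regenerated since submission" };
  }
  var pemCert = /^-----BEGIN CERTIFICATE-----[\s\S]+-----END CERTIFICATE-----$/;
  if (!pemCert.test(normalizePem(signedCertPem))) {
    return { installed: false, reason: "not a PEM certificate" };
  }
  cryptoManager.updateKmsSignedCsrClientCert(providerId, signedCertPem);
  return { installed: true, reason: "ok" };
}

// Constructed stand-in modelling only the documented behaviour: every
// generateClientCsr call overwrites the previous CSR (and private key).
function FakeCryptoManager() { this.csr = {}; this.cert = {}; this.calls = 0; }
FakeCryptoManager.prototype.generateClientCsr = function (p) {
  this.calls += 1;
  this.csr[p.id] = "-----BEGIN CERTIFICATE REQUEST-----\nconstructed-" +
    this.calls + "\n-----END CERTIFICATE REQUEST-----\n";
  return this.csr[p.id];
};
FakeCryptoManager.prototype.retrieveClientCsr = function (p) {
  return this.csr[p.id] || "";
};
FakeCryptoManager.prototype.updateKmsSignedCsrClientCert = function (p, pem) {
  this.cert[p.id] = pem;
};
```

In a vRO scriptable task, pass the real VcCryptoManagerKmip and VcKeyProviderId objects in place of the stand-in.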

addKey

Add an existing key. @since vSphere API 6.5

Parameters

Name Type Description
arg0 VcCryptoKeyPlain


Return Value

Type Description
None