Documentation ¶
Index ¶
- Constants
- func GetStatus(c *gin.Context)
- func PostKeyRelease(c *gin.Context)
- func PostMAAAttest(c *gin.Context)
- func PostRawAttest(c *gin.Context)
- func RegisterGlobalStates(certState *attest.CertState, identity *common.Identity, ...) gin.HandlerFunc
- func SetServerReady()
- type KeyReleaseData
- type MAAAttestData
- type RawAttestData
Constants ¶
const (
	AZURE_CLIENT_ID            = "AZURE_CLIENT_ID"
	AZURE_TENANT_ID            = "AZURE_TENANT_ID"
	AZURE_FEDERATED_TOKEN_FILE = "AZURE_FEDERATED_TOKEN_FILE"
)
Variables ¶
This section is empty.
Functions ¶
func PostKeyRelease ¶
func PostKeyRelease(c *gin.Context)
PostKeyRelease retrieves a secret previously imported into Azure Key Vault.
- AKVEndpoint is the URI of the key vault from which the secret will be retrieved.
- MAAEndpoint is the URI of the Microsoft Azure Attestation service endpoint that will author and sign the attestation claims presented to the managed HSM (MHSM) during the secure key release operation. It must be the same as the authority defined in the SKR policy when the secret was imported into the AKV.
- KID is the key identifier of the secret to be retrieved.
func PostMAAAttest ¶
func PostMAAAttest(c *gin.Context)
PostMAAAttest retrieves an attestation token issued by the Microsoft Azure Attestation service which encodes the request's RuntimeData as a runtime claim.
- RuntimeData is expected to be a base64-standard-encoded string.
- MAAEndpoint is the URI of the Microsoft Azure Attestation service endpoint that will author and sign the attestation token.
func PostRawAttest ¶
func PostRawAttest(c *gin.Context)
PostRawAttest retrieves a hardware attestation report signed by the Platform Security Processor, which encodes the hash digest of the request's RuntimeData in the report's ReportData field.
- RuntimeData is expected to be a base64-standard-encoded string.
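As an added example (not code from the package documented here) serving both PostMAAAttest and PostRawAttest, whose RuntimeData field has the same contract, the following Go program does what a handler must do before touching the hardware: it rejects a missing field and anything that is not standard, padded base64 (the URL-safe alphabet included), then derives the value that is bound into ReportData. The rawAttestRequest type, the 64-byte size of ReportData and the zero padding after the SHA-256 digest are assumptions made here about the SEV-SNP report layout, not something the page states.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// rawAttestRequest mirrors the JSON tag of RawAttestData; it is a copy written
// for this example, not the package's own type.
type rawAttestRequest struct {
	RuntimeData string `json:"runtime_data"`
}

// reportDataLen is assumed: the size of the REPORT_DATA field in an SEV-SNP report.
const reportDataLen = 64

// decodeRuntimeData enforces the documented contract: the field must be present
// and must be standard (RFC 4648 section 4, padded) base64. URL-safe input
// such as "-_8=" fails here instead of silently producing a different digest.
func decodeRuntimeData(s string) ([]byte, error) {
	if s == "" {
		return nil, errors.New("runtime_data is required")
	}
	b, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		return nil, fmt.Errorf("runtime_data is not standard base64: %w", err)
	}
	return b, nil
}

// reportDataFor returns the ReportData a report would be bound to: SHA-256 of
// the decoded runtime data in the first 32 bytes, zero padding in the rest
// (the padding rule is an assumption made for this example).
func reportDataFor(runtimeData []byte) [reportDataLen]byte {
	var rd [reportDataLen]byte
	sum := sha256.Sum256(runtimeData)
	copy(rd[:], sum[:])
	return rd
}

// ParseRawAttestBody decodes a JSON request body, validates RuntimeData and
// returns the ReportData together with the decoded bytes.
func ParseRawAttestBody(body []byte) ([reportDataLen]byte, []byte, error) {
	var req rawAttestRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return [reportDataLen]byte{}, nil, fmt.Errorf("bad JSON body: %w", err)
	}
	data, err := decodeRuntimeData(req.RuntimeData)
	if err != nil {
		return [reportDataLen]byte{}, nil, err
	}
	return reportDataFor(data), data, nil
}

func main() {
	// Constructed sample: a relying party's nonce that it expects to find
	// reflected in the report so the report cannot be replayed.
	nonce := []byte(`{"nonce":"example-nonce-0001"}`)
	body, _ := json.Marshal(rawAttestRequest{RuntimeData: base64.StdEncoding.EncodeToString(nonce)})
	rd, data, err := ParseRawAttestBody(body)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("runtime data: %s\nreport data:  %x\n", data, rd[:])

	// The same bytes in the URL-safe alphabet are refused, as the contract requires.
	_, _, err = ParseRawAttestBody([]byte(`{"runtime_data":"-_8="}`))
	fmt.Println("url-safe input:", err)
}
```

The point of deriving ReportData on the verifier's side as well is that a relying party that sent the nonce can recompute the same 64 bytes and compare them against the signed report, which is what makes the runtime data a binding rather than a label.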
func RegisterGlobalStates ¶
func RegisterGlobalStates(certState *attest.CertState, identity *common.Identity, uvmInfo *common.UvmInformation) gin.HandlerFunc
func SetServerReady ¶
func SetServerReady()
Types ¶
type KeyReleaseData ¶
type KeyReleaseData struct {
	// MAA endpoint which acts as authority to the key that needs to be released
	MAAEndpoint string `json:"maa_endpoint" binding:"required"`
	// AKV endpoint from which the key is released
	AKVEndpoint string `json:"akv_endpoint" binding:"required"`
	// key identifier for key to be released
	KID string `json:"kid" binding:"required"`
	// In the absence of managed identity assignment to the container group
	// an AAD token issued for authentication with AKV resource may be included
	// in the request to release the key.
	AccessToken string `json:"access_token"`
}
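As an added illustration (not code from the package documented here), the following Go program shows what a client needs to get right before calling PostKeyRelease: every field the struct marks binding:"required" is present, the two endpoints are reduced to host names, and the request carries exactly one source of AKV credentials, either the optional access_token or the three workload-identity environment variables named in the package constants. The keyReleaseRequest type, the https-only host-name normalisation, and the precedence of access_token over the environment variables are assumptions made for this example, not the sidecar's own logic.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"os"
	"strings"
)

// keyReleaseRequest mirrors the JSON tags of KeyReleaseData; it is a client-side
// copy written for this example, not the package's type.
type keyReleaseRequest struct {
	MAAEndpoint string `json:"maa_endpoint"`
	AKVEndpoint string `json:"akv_endpoint"`
	KID         string `json:"kid"`
	AccessToken string `json:"access_token,omitempty"` // omitted when empty
}

// Environment variable names published as constants by the package.
const (
	azureClientID           = "AZURE_CLIENT_ID"
	azureTenantID           = "AZURE_TENANT_ID"
	azureFederatedTokenFile = "AZURE_FEDERATED_TOKEN_FILE"
)

// hostOf reduces an endpoint given either as a bare host name or as an https://
// URL to its host name. Accepting only https is a choice made for this example.
func hostOf(endpoint string) (string, error) {
	s := strings.TrimSpace(endpoint)
	if s == "" {
		return "", fmt.Errorf("endpoint is empty")
	}
	if !strings.Contains(s, "://") {
		s = "https://" + s
	}
	u, err := url.Parse(s)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("endpoint %q is not an https host", endpoint)
	}
	return u.Host, nil
}

// validate enforces the required fields and normalises both endpoints in place.
func (r *keyReleaseRequest) validate() error {
	if strings.TrimSpace(r.KID) == "" {
		return fmt.Errorf("kid is required")
	}
	var err error
	if r.MAAEndpoint, err = hostOf(r.MAAEndpoint); err != nil {
		return fmt.Errorf("maa_endpoint: %w", err)
	}
	if r.AKVEndpoint, err = hostOf(r.AKVEndpoint); err != nil {
		return fmt.Errorf("akv_endpoint: %w", err)
	}
	return nil
}

// credentialSource reports which AKV credential the request would be served with.
// Precedence (assumed for this example): an explicit access_token, then the
// three workload-identity variables, otherwise none.
func credentialSource(r keyReleaseRequest, getenv func(string) string) string {
	if r.AccessToken != "" {
		return "access_token"
	}
	if getenv(azureClientID) != "" && getenv(azureTenantID) != "" && getenv(azureFederatedTokenFile) != "" {
		return "workload_identity"
	}
	return "none"
}

// BuildKeyReleaseBody validates the request, refuses it when no credential is
// available, and returns the JSON body to POST together with the credential source.
func BuildKeyReleaseBody(r keyReleaseRequest, getenv func(string) string) ([]byte, string, error) {
	if err := r.validate(); err != nil {
		return nil, "", err
	}
	src := credentialSource(r, getenv)
	if src == "none" {
		return nil, src, fmt.Errorf("no AKV credential: set access_token or %s, %s and %s",
			azureClientID, azureTenantID, azureFederatedTokenFile)
	}
	body, err := json.Marshal(r)
	return body, src, err
}

func main() {
	// Constructed sample request; the endpoints are placeholders, not real services.
	req := keyReleaseRequest{
		MAAEndpoint: "https://example-maa.attest.example/",
		AKVEndpoint: "example-vault.managedhsm.example",
		KID:         "example-key",
	}
	body, src, err := BuildKeyReleaseBody(req, os.Getenv)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("credential source: %s\nbody: %s\n", src, body)
}
```

Passing getenv as a parameter keeps the credential decision testable without touching the process environment; in the sidecar the same three variables are what the federated-token path reads when no access_token is supplied.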
type MAAAttestData ¶
type RawAttestData ¶
type RawAttestData struct {
	// Base64 encoded representation of runtime data whose hash digest
	// will be encoded as ReportData in the hardware attestation report
	RuntimeData string `json:"runtime_data" binding:"required"`
}