Returns the Shielded Instance Identity of an instance
HTTP request
GET https://compute.googleapis.com/compute/beta/projects/{project}/zones/{zone}/instances/{resourceId}/getShieldedInstanceIdentity
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters | |
|---|---|
project |
Project ID for this request. |
zone |
The name of the zone for this request. |
resourceId |
Name or id of the instance scoping this request. |
Request body
The request body must be empty.
Response body
If successful, the response body contains data with the following structure:
| JSON representation | |
|---|---|
{ "signingKey": { "ekCert": string, "ekPub": string }, "encryptionKey": { "ekCert": string, "ekPub": string }, "kind": string } |
|
| Fields | |
|---|---|
signingKey |
An Attestation Key (AK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM. |
signingKey.ekCert |
A PEM-encoded X.509 certificate. This field can be empty. |
signingKey.ekPub |
A PEM-encoded public key. |
encryptionKey |
An Endorsement Key (EK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM. |
encryptionKey.ekCert |
A PEM-encoded X.509 certificate. This field can be empty. |
encryptionKey.ekPub |
A PEM-encoded public key. |
kind |
[Output Only] Type of the resource. Always |
Authorization Scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/computehttps://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
In addition to any permissions specified on the fields above, authorization requires one or more of the following Google IAM permissions:
compute.instances.getShieldedInstanceIdentity
To find predefined roles that contain those permissions, see Compute Engine IAM Roles.
