Method: instances.getShieldedInstanceIdentity

Returns the Shielded Instance Identity of an instance

HTTP request

GET https://compute.googleapis.com/compute/beta/projects/{project}/zones/{zone}/instances/{resourceId}/getShieldedInstanceIdentity

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
project

string

Project ID for this request.
zone

string

The name of the zone for this request.
resourceId

string

Name or id of the instance scoping this request.

Request body

The request body must be empty.

Response body

If successful, the response body contains data with the following structure:

JSON representation 
{
  "signingKey": {
    "ekCert": string,
    "ekPub": string
  },
  "encryptionKey": {
    "ekCert": string,
    "ekPub": string
  },
  "kind": string
}
Fields
signingKey

object

An Attestation Key (AK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM.
signingKey.ekCert

string

A PEM-encoded X.509 certificate. This field can be empty.
signingKey.ekPub

string

A PEM-encoded public key.
encryptionKey

object

An Endorsement Key (EK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM.
encryptionKey.ekCert

string

A PEM-encoded X.509 certificate. This field can be empty.
encryptionKey.ekPub

string

A PEM-encoded public key.
kind

string

[Output Only] Type of the resource. Always compute#shieldedInstanceIdentity for shielded Instance identity entry.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/compute
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

In addition to any permissions specified on the fields above, authorization requires one or more of the following Google IAM permissions:

  • compute.instances.getShieldedInstanceIdentity

To find predefined roles that contain those permissions, see Compute Engine IAM Roles.