Method: instances.getShieldedVmIdentity

Returns the Shielded VM Identity of an instance

HTTP request

GET https://www.googleapis.com/compute/beta/projects/{project}/zones/{zone}/instances/{resourceId}/getShieldedVmIdentity

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
project

string

Project ID for this request.

zone

string

The name of the zone for this request.

resourceId

string

Name or id of the instance scoping this request.

Request body

The request body must be empty.

Response body

If successful, the response body contains data with the following structure:

A Shielded VM Identity.

JSON representation
{
  "signingKey": {
    "ekCert": string,
    "ekPub": string
  },
  "encryptionKey": {
    "ekCert": string,
    "ekPub": string
  },
  "kind": string
}
Fields
signingKey

object

An Attestation Key (AK) issued to the Shielded VM's vTPM.

signingKey.ekCert

string

A PEM-encoded X.509 certificate. This field can be empty.

signingKey.ekPub

string

A PEM-encoded public key.

encryptionKey

object

An Endorsement Key (EK) issued to the Shielded VM's vTPM.

encryptionKey.ekCert

string

A PEM-encoded X.509 certificate. This field can be empty.

encryptionKey.ekPub

string

A PEM-encoded public key.

kind

string

[Output Only] Type of the resource. Always compute#shieldedVmIdentity for shielded VM identity entry.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/compute
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

In addition to any permissions specified on the fields above, authorization requires one or more of the following Google IAM permissions:

  • compute.instances.getShieldedVmIdentity
Was this page helpful? Let us know how we did:

Send feedback about...

Compute Engine