- HTTP request
- Path parameters
- Request body
- Response body
- Authorization Scopes
- IAM Permissions
- Examples
- Try it!
Returns the Shielded Instance Identity of an instance
HTTP request
GET https://compute.googleapis.com/compute/v1/projects/{project}/zones/{zone}/instances/{resourceId}/getShieldedInstanceIdentity
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters | |
|---|---|
project |
Project ID for this request. |
zone |
The name of the zone for this request. |
resourceId |
Name or id of the instance scoping this request. |
Request body
The request body must be empty.
Response body
If successful, the response body contains data with the following structure:
| JSON representation | |
|---|---|
{ "signingKey": { "ekCert": string, "ekPub": string }, "encryptionKey": { "ekCert": string, "ekPub": string }, "kind": string } |
|
| Fields | |
|---|---|
signingKey |
An Attestation Key (AK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM. |
signingKey.ekCert |
A PEM-encoded X.509 certificate. This field can be empty. |
signingKey.ekPub |
A PEM-encoded public key. |
encryptionKey |
An Endorsement Key (EK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM. |
encryptionKey.ekCert |
A PEM-encoded X.509 certificate. This field can be empty. |
encryptionKey.ekPub |
A PEM-encoded public key. |
kind |
[Output Only] Type of the resource. Always |
Authorization Scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/computehttps://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
In addition to any permissions specified on the fields above, authorization requires one or more of the following IAM permissions:
compute.instances.getShieldedInstanceIdentity