Verify a VM is confidential with identity tokens

Before sending sensitive information to a Confidential VM instance, your applications can request the VM's unique identity token from a metadata server. The identity token includes details about an instance such as the instance ID, creation time, license codes for the instance's images, and whether the VM is a Confidential VM instance.

If the instance_confidentiality claim in the token has a value of 1, then the VM is a Confidential VM instance.

To learn how to obtain and decode the identity token of a VM, see Verifying the identity of an instance.
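A relying application can enforce the `instance_confidentiality` check as follows. This is an added example, not code from the original page; it assumes the token was requested in full format, that the instance details sit under `google.compute_engine`, and that the token's signature has already been verified as described in Verifying the identity of an instance. The function names, the audience URL and the sample token are constructed for illustration.

```python
import base64
import json
import time
from typing import Optional

def decode_payload(token: str) -> dict:
    """Decode a JWT payload for inspection. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(body))

def require_confidential_vm(claims: dict, audience: str, now: Optional[float] = None) -> dict:
    """Return the instance claims, or raise ValueError if this is not a Confidential VM."""
    now = time.time() if now is None else now
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or exp missing")
    # Assumption: full-format layout, instance details under google.compute_engine.
    google = claims.get("google")
    gce = google.get("compute_engine") if isinstance(google, dict) else None
    if not isinstance(gce, dict):
        raise ValueError("instance claims missing; token was not requested in full format")
    value = gce.get("instance_confidentiality")
    # Only the integer 1 passes: a missing claim, 0, "1" and JSON true are rejected.
    if type(value) is not int or value != 1:
        raise ValueError(f"not a Confidential VM (instance_confidentiality={value!r})")
    return gce

def constructed_token(confidentiality, aud="https://verifier.example", exp=1_700_003_600) -> str:
    """Build a constructed sample token with a fake signature so the example runs offline."""
    claims = {"aud": aud, "exp": exp, "google": {"compute_engine": {
        "instance_id": "0000000000000000000",  # constructed placeholder
        "instance_confidentiality": confidentiality}}}
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"

if __name__ == "__main__":
    for sample in (1, 0, "1", None):
        try:
            gce = require_confidential_vm(decode_payload(constructed_token(sample)),
                                          "https://verifier.example", now=1_700_000_000)
            print(sample, "-> accepted", gce["instance_id"])
        except ValueError as err:
            print(repr(sample), "-> rejected:", err)
```

Failing closed on a missing or non-integer claim matters because a token requested without the full format carries no instance details at all.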