az attestation policy

Manage the policies.

Commands

az attestation policy reset

Resets the attestation policy for the specified tenant and reverts to the default policy.

az attestation policy set

Sets the policy for a given kind of TEE.

az attestation policy show

Retrieves the current policy for a given kind of TEE.

az attestation policy reset

Resets the attestation policy for the specified tenant and reverts to the default policy.

az attestation policy reset --policy-jws
                            --tee {CyResComponent, OpenEnclave, SgxEnclave, VSMEnclave}
                            [--attestation-base-url]
                            [--name]
                            [--resource-group]

Examples

Resets the attestation policy for the specified tenant and reverts to the default policy.

az attestation policy reset -n "myattestationprovider" -g "MyResourceGroup" --tee SgxEnclave \
--policy-jws "eyJhbGciOiJub25lIn0.."

Required Parameters

--policy-jws

JSON Web Signature with an empty policy document.

--tee

Specifies the trusted execution environment to be used to validate the evidence.

accepted values: CyResComponent, OpenEnclave, SgxEnclave, VSMEnclave

Optional Parameters

--attestation-base-url -u

URL of the attestation provider, for example: https://myatt.eus2.attest.azure.net. You can omit --name and --resource-group if you specify the URL.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az attestation policy set

Sets the policy for a given kind of TEE.

az attestation policy set --new-attestation-policy
                          --tee {CyResComponent, OpenEnclave, SgxEnclave, VSMEnclave}
                          [--attestation-base-url]
                          [--name]
                          [--resource-group]

Examples

Sets the policy for a given kind of TEE (SgxEnclave).

az attestation policy set -n "myattestationprovider" -g "MyResourceGroup" --tee SgxEnclave \
--new-attestation-policy "newAttestationPolicyname"

Required Parameters

--new-attestation-policy -p

JWT expressing the new policy.

--tee

Specifies the trusted execution environment to be used to validate the evidence.

accepted values: CyResComponent, OpenEnclave, SgxEnclave, VSMEnclave

Optional Parameters

--attestation-base-url -u

URL of the attestation provider, for example: https://myatt.eus2.attest.azure.net. You can omit --name and --resource-group if you specify the URL.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.
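
The --policy-jws and --new-attestation-policy values above are compact JWS/JWT strings of the form header.payload.signature. The shell helper below is an added example, not part of the Azure CLI or of the original reference: it decodes the header and reports the algorithm, whether the payload is empty, and whether a signature is present, so a token can be checked before it is passed to reset or set. The function names are hypothetical, and GNU base64 and sed are assumed.

```shell
#!/bin/sh
# Added example: inspect a compact JWS before passing it to
# "az attestation policy reset --policy-jws" or "set --new-attestation-policy".
# Function names are hypothetical; assumes GNU base64 and sed.

# Decode one base64url segment (URL-safe alphabet, padding stripped).
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) return 1 ;;                      # impossible length for base64
  esac
  printf '%s' "$seg" | base64 -d
}

# Print "alg=<alg> payload=<empty|present> signature=<absent|present>".
# Returns non-zero when the input is not header.payload.signature.
jws_describe() {
  case $1 in
    *.*.*.*) echo "not a compact JWS: too many segments" >&2; return 1 ;;
    *.*.*)   ;;
    *)       echo "not a compact JWS: expected three segments" >&2; return 1 ;;
  esac
  header=${1%%.*};      rest=${1#*.}
  payload=${rest%%.*};  signature=${rest#*.}

  header_json=$(b64url_decode "$header") || return 1
  alg=$(printf '%s' "$header_json" |
        sed -n 's/.*"alg"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$alg" ] || { echo "header has no alg field" >&2; return 1; }

  [ -z "$payload" ]   && p=empty  || p=present
  [ -z "$signature" ] && s=absent || s=present
  echo "alg=$alg payload=$p signature=$s"
}

# reset expects a JWS with an empty policy document, i.e. an empty payload.
is_reset_token() {
  case $(jws_describe "$1" 2>/dev/null) in
    *"payload=empty"*) return 0 ;;
    *) return 1 ;;
  esac
}

# The value from the reset example on this page:
jws_describe "eyJhbGciOiJub25lIn0.."
```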

az attestation policy show

Retrieves the current policy for a given kind of TEE.

az attestation policy show --tee {CyResComponent, OpenEnclave, SgxEnclave, VSMEnclave}
                           [--attestation-base-url]
                           [--name]
                           [--resource-group]

Examples

Retrieves the current policy for a given kind of TEE (SgxEnclave).

az attestation policy show -n "myattestationprovider" -g "MyResourceGroup" --tee SgxEnclave

Required Parameters

--tee

Specifies the trusted execution environment to be used to validate the evidence.

accepted values: CyResComponent, OpenEnclave, SgxEnclave, VSMEnclave

Optional Parameters

--attestation-base-url -u

URL of the attestation provider, for example: https://myatt.eus2.attest.azure.net. You can omit --name and --resource-group if you specify the URL.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.