az attestation signer

Manage the trusted policy signers.

Commands

az attestation signer add

Adds a new attestation policy certificate to the set of policy management certificates.

az attestation signer list

Retrieves the set of certificates used to express policy for the current tenant.

az attestation signer remove

Removes the specified policy management certificate. Note that the final policy management certificate cannot be removed.

az attestation signer add

Adds a new attestation policy certificate to the set of policy management certificates.

az attestation signer add --signer
                          [--attestation-base-url]
                          [--name]
                          [--resource-group]

Examples

Adds a new attestation policy certificate to the set of policy management certificates.

az attestation signer add -n "myattestationprovider" -g "MyResourceGroup" \
--signer "eyAiYWxnIjoiUlMyNTYiLCAie..."

Required Parameters

--signer

The policy certificate to add. An RFC7519 JSON Web Token containing a claim named "aas-policyCertificate" whose value is an RFC7517 JSON Web Key which specifies a new key to update. The RFC7519 JWT must be signed with one of the existing signing certificates.

Optional Parameters

--attestation-base-url -u

URL of the attestation provider, for example: https://myatt.eus2.attest.azure.net. If you specify the URL, you can omit --name and --resource-group.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az attestation signer list

Retrieves the set of certificates used to express policy for the current tenant.

az attestation signer list [--attestation-base-url]
                           [--name]
                           [--resource-group]

Examples

Retrieves the set of certificates used to express policy for the current tenant.

az attestation signer list -n "myattestationprovider" -g "MyResourceGroup"

Optional Parameters

--attestation-base-url -u

URL of the attestation provider, for example: https://myatt.eus2.attest.azure.net. If you specify the URL, you can omit --name and --resource-group.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az attestation signer remove

Removes the specified policy management certificate. Note that the final policy management certificate cannot be removed.

az attestation signer remove --signer
                             [--attestation-base-url]
                             [--name]
                             [--resource-group]

Examples

Removes the specified policy management certificate.

az attestation signer remove -n "myattestationprovider" -g "MyResourceGroup" \
--signer "eyAiYWxnIjoiUlMyNTYiLCAie..."

Required Parameters

--signer

The policy certificate to remove. An RFC7519 JSON Web Token containing a claim named "aas-policyCertificate" whose value is an RFC7517 JSON Web Key which specifies a new key to update. The RFC7519 JWT must be signed with one of the existing signing certificates.
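
The --signer value for both add and remove has the same shape, so a local pre-flight check can catch a malformed token before it is submitted. The following is an added example, not part of the Azure CLI or the original page; the function names are hypothetical, the sample tokens are constructed, and the signature is not verified.

```python
import base64
import json

CLAIM = "aas-policyCertificate"  # claim name from the --signer description


def _b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_signer_token(token):
    """Return a list of structural problems; an empty list means the shape is right."""
    # The signature is not verified here; the service checks it against existing signers.
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT: expected header.payload.signature"]
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return ["header and payload must both be JSON objects"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none" or not parts[2]:
        problems.append("token is unsigned")
    jwk = payload.get(CLAIM)
    if not isinstance(jwk, dict):
        problems.append('no "%s" claim holding a JWK object' % CLAIM)
    elif "kty" not in jwk:
        problems.append('JWK has no "kty" member, which RFC 7517 requires')
    return problems


def sample_token(header, payload, signature=b"constructed-placeholder"):
    # Constructed input for the demo: the signature bytes are NOT a real signature.
    segs = [_b64url_encode(json.dumps(obj).encode()) for obj in (header, payload)]
    return ".".join(segs + [_b64url_encode(signature)])


if __name__ == "__main__":
    jwk = {"kty": "RSA", "n": "constructed", "e": "AQAB"}  # constructed key material
    print(check_signer_token(sample_token({"alg": "RS256"}, {CLAIM: jwk})))
    print(check_signer_token(sample_token({"alg": "RS256"}, {"iss": "constructed"})))
```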

Optional Parameters

--attestation-base-url -u

URL of the attestation provider, for example: https://myatt.eus2.attest.azure.net. If you specify the URL, you can omit --name and --resource-group.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.