Managed Object - CryptoManagerKmip (vim.encryption.CryptoManagerKmip)

Extends
CryptoManager
See also
CryptoKeyResult, CryptoManagerKmipClusterStatus, CryptoManagerKmipServerCertInfo, KeyProviderId, KmipClusterInfo, KmipServerInfo, KmipServerSpec
Since
vSphere API 6.5


Managed Object Description

Singleton Managed Object used to manage cryptographic keys.

Properties

| Name | Type | Description |
|---|---|---|
| kmipServers* | KmipClusterInfo[] | A list of registered KMIP servers, grouped by clusters. |

Properties inherited from CryptoManager
enabled

*May not be present

Methods

Methods defined in this Managed Object
GenerateClientCsr, GenerateKey, GenerateSelfSignedClientCert, ListKmipServers, MarkDefault, RegisterKmipServer, RemoveKmipServer, RetrieveClientCert, RetrieveClientCsr, RetrieveKmipServerCert, RetrieveKmipServersStatus_Task, RetrieveSelfSignedClientCert, UpdateKmipServer, UpdateKmsSignedCsrClientCert, UpdateSelfSignedClientCert, UploadClientCert, UploadKmipServerCert
Methods inherited from CryptoManager
AddKey, AddKeys, ListKeys, RemoveKey, RemoveKeys

GenerateClientCsr(generateClientCsr)

Generate a certificate signing request (CSR) together with its private key. The private key is not returned to the caller, for security protection. If this method is called again, the CSR and private key generated by the new invocation overwrite the old ones. After the KMS signs the CSR into a certificate, install that certificate by calling UpdateKmsSignedCsrClientCert. The generated CSR can be retrieved later by calling RetrieveClientCsr.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |

P Required privilege: cluster

Return Value

| Type | Description |
|---|---|
| xsd:string | A newly generated CSR. |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




GenerateKey(generateKey)

Generate a new encryption key.
Required Privileges
Cryptographer.ManageKeys

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| keyProvider* P | KeyProviderId | [in] Which provider will generate the key. If omitted, will use the default key provider. Since vSphere API 6.5 |

*Need not be set
P Required privilege: keyProvider

Return Value

| Type | Description |
|---|---|
| CryptoKeyResult | The generated key. |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




GenerateSelfSignedClientCert(generateSelfSignedClientCert)

Generate a self-signed client certificate together with its private key. The private key is not returned to the caller, for security protection. If this method is called again, the certificate and private key generated by the new invocation overwrite the old ones. The generated certificate does not replace the current working certificate until UpdateSelfSignedClientCert is called. The generated self-signed certificate can be retrieved later by calling RetrieveSelfSignedClientCert.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |

P Required privilege: cluster

Return Value

| Type | Description |
|---|---|
| xsd:string | A new self-signed client certificate. |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




ListKmipServers(listKmipServers)

List the registered KMIP servers.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| limit* P | xsd:int | [in] Maximum clusters to return. Since vSphere API 6.5 |

*Need not be set
P Required privilege: limit

Return Value

| Type | Description |
|---|---|
| KmipClusterInfo[] | List of known KMIP servers grouped in clusters. |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




MarkDefault(markDefault)

Set the default KMIP cluster.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| clusterId P | KeyProviderId | [in] KMIP cluster ID to become default. Since vSphere API 6.5 |

P Required privilege: clusterId

Return Value

Type Description
None

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




RegisterKmipServer(registerKmipServer)

Register a KMIP server.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| server P | KmipServerSpec | [in] KMIP server connection information. Since vSphere API 6.5 |

P Required privilege: server

Return Value

Type Description
None

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




RemoveKmipServer(removeKmipServer)

Remove a KMIP server, even if in use.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| clusterId P | KeyProviderId | [in] KMIP cluster ID. Since vSphere API 6.5 |
| serverName P | xsd:string | [in] KMIP server name. Since vSphere API 6.5 |

P Required privilege - see tooltip for details

Return Value

Type Description
None

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




RetrieveClientCert(retrieveClientCert)

Get the client certificate of the KMIP cluster.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |

P Required privilege: cluster

Return Value

| Type | Description |
|---|---|
| xsd:string | The client certificate. |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




RetrieveClientCsr(retrieveClientCsr)

Get the generated client certificate signing request. If GenerateClientCsr was called previously, this returns the generated certificate signing request; otherwise it returns an empty string.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |

P Required privilege: cluster

Return Value

| Type | Description |
|---|---|
| xsd:string | The CSR generated previously, if any. |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




RetrieveKmipServerCert(retrieveKmipServerCert)

Get the server certificate. In the case of error, an empty certificate string is returned.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| keyProvider P | KeyProviderId | [in] KMIP cluster in which the server is placed or will be created. Since vSphere API 6.5 |
| server P | KmipServerInfo | [in] KMIP server. Since vSphere API 6.5 |

P Required privilege - see tooltip for details

Return Value

| Type | Description |
|---|---|
| CryptoManagerKmipServerCertInfo | Information about the server certificate. |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




RetrieveKmipServersStatus_Task(retrieveKmipServersStatus)

Get the status of the KMIP servers.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| clusters* P | KmipClusterInfo[] | [in] KMIP clusters and their servers. Since vSphere API 6.5 |

*Need not be set
P Required privilege: clusters

Return Value

| Type | Description |
|---|---|
| ManagedObjectReference to a Task | |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None



RetrieveSelfSignedClientCert(retrieveSelfSignedClientCert)

Get the generated self-signed client certificate. If GenerateSelfSignedClientCert was called previously, this returns the generated certificate; otherwise it returns an empty string.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |

P Required privilege: cluster

Return Value

| Type | Description |
|---|---|
| xsd:string | The self signed certificate generated previously, if any. |

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




UpdateKmipServer(updateKmipServer)

Update a KMIP server.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| server P | KmipServerSpec | [in] KMIP server connection information. Since vSphere API 6.5 |

P Required privilege: server

Return Value

Type Description
None

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




UpdateKmsSignedCsrClientCert(updateKmsSignedCsrClientCert)

Set the KMS-server-signed certificate as the KMIP client certificate for the KMS cluster. Call this method to install the certificate that the KMS server signed from a CSR generated by calling GenerateClientCsr. If GenerateClientCsr has been called more than once, use the CSR generated by the most recent call; otherwise the certificate will be rejected, because the private key from the most recent call won't match the public key in the certificate.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |
| certificate P | xsd:string | [in] Client certificate. Since vSphere API 6.5 |

P Required privilege - see tooltip for details

Return Value

Type Description
None

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




UpdateSelfSignedClientCert(updateSelfSignedClientCert)

Set a self-signed certificate as the KMIP client certificate for the KMS cluster. Call this method to install the certificate generated by calling GenerateSelfSignedClientCert. If GenerateSelfSignedClientCert has been called more than once, use the self-signed certificate generated by the most recent call; otherwise the certificate will be rejected, because the private key from the most recent call won't match the public key in the certificate.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |
| certificate P | xsd:string | [in] Client certificate. Since vSphere API 6.5 |

P Required privilege - see tooltip for details

Return Value

Type Description
None

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None
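
The overwrite behaviour documented for GenerateClientCsr / UpdateKmsSignedCsrClientCert and for GenerateSelfSignedClientCert / UpdateSelfSignedClientCert can be checked on the client side before the update call is made. This is an added example, not VMware code: `cm` is assumed to be any object exposing the methods documented on this page, the helper names and `FakeCryptoManagerKmip` are hypothetical, and the PEM strings are constructed.

```python
class StaleArtifactError(Exception):
    """The CSR or certificate in hand is no longer the newest one on the server."""

def _canon(pem):
    # Compare PEM text while ignoring line-ending and whitespace differences.
    return "".join(pem.split())

def _require_current(current, in_hand, what):
    # Retrieve* returns an empty string when nothing has been generated yet.
    if not current or _canon(current) != _canon(in_hand):
        raise StaleArtifactError(f"{what} was regenerated or never generated")

def install_kms_signed_cert(cm, cluster, csr_sent_to_kms, signed_cert):
    """Install a KMS-signed cert only if its CSR is still the latest one."""
    _require_current(cm.RetrieveClientCsr(cluster=cluster), csr_sent_to_kms, "CSR")
    cm.UpdateKmsSignedCsrClientCert(cluster=cluster, certificate=signed_cert)

def install_self_signed_cert(cm, cluster, cert_in_hand):
    """Install a self-signed cert only if it is still the latest generated one."""
    _require_current(cm.RetrieveSelfSignedClientCert(cluster=cluster),
                     cert_in_hand, "self-signed certificate")
    cm.UpdateSelfSignedClientCert(cluster=cluster, certificate=cert_in_hand)

class FakeCryptoManagerKmip:
    """Constructed stand-in: each Generate* call overwrites the previous result."""
    def __init__(self):
        self.count, self.csr, self.self_signed, self.active = 0, "", "", None
    def _pem(self, label):
        self.count += 1
        return f"-----BEGIN {label}-----\nconstructed-{self.count}\n-----END {label}-----\n"
    def GenerateClientCsr(self, cluster):
        self.csr = self._pem("CERTIFICATE REQUEST")
        return self.csr
    def RetrieveClientCsr(self, cluster):
        return self.csr
    def GenerateSelfSignedClientCert(self, cluster):
        self.self_signed = self._pem("CERTIFICATE")
        return self.self_signed
    def RetrieveSelfSignedClientCert(self, cluster):
        return self.self_signed
    def UpdateKmsSignedCsrClientCert(self, cluster, certificate):
        self.active = certificate
    def UpdateSelfSignedClientCert(self, cluster, certificate):
        self.active = certificate
```

The guard compares the CSR that was actually sent for signing with what RetrieveClientCsr returns now, so a regeneration by another administrator in the meantime is caught before the server rejects the certificate.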




UploadClientCert(uploadClientCert)

Set a client certificate with private key for the KMIP cluster. The certificate and private key can be assigned by a KMS server, and the certificate might already be trusted by the KMS server.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |
| certificate P | xsd:string | [in] Client certificate. Since vSphere API 6.5 |
| privateKey P | xsd:string | [in] Private key. Since vSphere API 6.5 |

P Required privilege - see tooltip for details

Return Value

Type Description
None

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None




UploadKmipServerCert(uploadKmipServerCert)

Upload a server certificate.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

| Name | Type | Description |
|---|---|---|
| _this | ManagedObjectReference | A reference to the CryptoManagerKmip used to make the method call. |
| cluster P | KeyProviderId | [in] KMIP cluster. Since vSphere API 6.5 |
| certificate P | xsd:string | [in] Server certificate in PEM encoding. Since vSphere API 6.5 |

P Required privilege - see tooltip for details

Return Value

Type Description
None

Faults

| Type | Description |
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |

Events

Type
None
