vSphere API Methods for KMS Management

Cryptographic key management interfaces are defined in the following hierarchy.

  • CryptoManager – managed object, parent of CryptoManagerKmip.

    CryptoManager defines methods that are covered in vSphere API Methods for Cryptographic Operations.

    • CryptoManagerKmip – managed object for handling the cryptographic keys and the trust relationship with KMS servers.
      • CertificateInfo – basic information about a certificate (subject, issuer, validity, fingerprint).
      • ClusterStatus – status of a KMS cluster.
      • ServerCertInfo – information about the KMS server certificate.
      • ServerStatus – status of a single KMS.

      CryptoManagerKmip defines the following methods:

        • String generateClientCsr(cluster) – generate a certificate signing request together with its private key.
        • String generateSelfSignedClientCert(cluster) – generate a self-signed client certificate together with its private key.
        • KmipClusterInfo[] kmipServers() – get a list of registered KMS, grouped by cluster.
        • KmipClusterInfo[] listKmipServers(limit) – get a list of registered KMS.
        • void markDefault(clusterId) – set the default KMS cluster.
        • void registerKmipServer(server) – register a KMS.
        • void removeKmipServer(clusterId, serverName) – remove a KMS, even if it is in use.
        • String retrieveClientCert(cluster) – get the client certificate of the KMS cluster.
        • String retrieveClientCsr(cluster) – get the generated client certificate signing request.
        • ServerCertInfo retrieveKmipServerCert(keyProvider, server) – get the server certificate.
        • ClusterStatus[] retrieveKmipServersStatus(clusters[]) – get the status of the KMS instances.
        • String retrieveSelfSignedClientCert(cluster) – get the generated self-signed client certificate.
        • void updateKmipServer(server) – update a KMS.
        • void updateKmsSignedCsrClientCert(cluster, certificate) – set a KMS-signed certificate as the client certificate for a KMS cluster.
        • void updateSelfSignedClientCert(cluster, certificate) – set a self-signed certificate as the client certificate for the KMS cluster.
        • void uploadClientCert(cluster, certificate, privateKey) – set a client certificate with its private key for the KMS cluster.
        • void uploadKmipServerCert(cluster, certificate) – upload a server certificate.
        • CryptoKeyResult generateKey(keyProvider) – generate a new encryption key.

        The generateKey method is listed out of alphabetic order because it is called after the others.
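The security-relevant step in the list above is the pair retrieveKmipServerCert / uploadKmipServerCert: once vCenter uploads a server certificate it trusts that KMS for every key operation, so the certificate's fingerprint should be checked against a value obtained out of band before the upload. The following is an added example (not VMware's code): it assumes a client object exposing the CryptoManagerKmip methods under pyVmomi-style names (RetrieveKmipServerCert, UploadKmipServerCert with WSDL keyword parameters) and ships with constructed stand-in objects so it runs offline.

```python
from dataclasses import dataclass
from typing import Any

def normalize_fingerprint(fp: str) -> str:
    """Accept 'AB:CD:..' or 'abcd..' forms and compare case-insensitively."""
    return fp.replace(":", "").replace(" ", "").lower()

def trust_kms_server(crypto_mgr: Any, key_provider: Any, server_name: str,
                     expected_fingerprint: str) -> str:
    """Retrieve the KMS certificate (retrieveKmipServerCert) and, only if its
    fingerprint matches the value obtained out of band from the KMS owner,
    make vCenter trust it (uploadKmipServerCert). Returns the trusted PEM.
    crypto_mgr is assumed to use pyVmomi naming (capitalised first letter)."""
    info = crypto_mgr.RetrieveKmipServerCert(keyProvider=key_provider, server=server_name)
    seen = normalize_fingerprint(info.certInfo.fingerprint)
    if seen != normalize_fingerprint(expected_fingerprint):
        raise ValueError(f"{server_name}: fingerprint {seen} does not match expected value")
    if not info.clientTrustServer:   # already trusted -> nothing to upload
        crypto_mgr.UploadKmipServerCert(cluster=key_provider, certificate=info.certificate)
    return info.certificate

# --- constructed stand-ins so the workflow runs without a vCenter -----------
@dataclass
class FakeCertInfo:            # mirrors CertificateInfo.fingerprint
    fingerprint: str

@dataclass
class FakeServerCertInfo:      # mirrors ServerCertInfo
    certificate: str
    certInfo: FakeCertInfo
    clientTrustServer: bool = False

class FakeCryptoManagerKmip:
    """Records calls; stands in for vCenter's CryptoManagerKmip."""
    def __init__(self, cert: FakeServerCertInfo):
        self._cert = cert
        self.uploaded: list = []
    def RetrieveKmipServerCert(self, keyProvider, server):
        return self._cert
    def UploadKmipServerCert(self, cluster, certificate):
        self.uploaded.append((cluster, certificate))
        self._cert.clientTrustServer = True

if __name__ == "__main__":
    # constructed sample: fingerprint 'AB:CD:EF' was confirmed out of band
    kms = FakeCryptoManagerKmip(FakeServerCertInfo("-----BEGIN CERTIFICATE-----...",
                                                   FakeCertInfo("AB:CD:EF")))
    trust_kms_server(kms, "kms-cluster-1", "kms01", "abcdef")
    print("uploaded:", kms.uploaded)
```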