az attestation signer

Note

This reference is part of the attestation extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az attestation signer command. Learn more about extensions.

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage signers.

Commands

| Name | Description | Type | Status |
| --- | --- | --- | --- |
| az attestation signer add | Adds a new attestation policy certificate to the set of policy management certificates. | Extension | Experimental |
| az attestation signer list | Retrieves the set of certificates used to express policy for the current tenant. | Extension | Experimental |
| az attestation signer remove | Removes the specified policy management certificate. | Extension | Experimental |

az attestation signer add

Experimental

Command group 'attestation signer' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Adds a new attestation policy certificate to the set of policy management certificates.

az attestation signer add [--id]
                          [--name]
                          [--resource-group]
                          [--signer]
                          [--signer-file]

Examples

Adds a new attestation policy certificate to the set of policy management certificates.

az attestation signer add -n "myattestationprovider" -g "MyResourceGroup" --signer "eyAiYWxnIjoiUlMyNTYiLCAie..."

Optional Parameters

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--signer

The policy certificate to add. An RFC7519 JSON Web Token containing a claim named "maa-policyCertificate" whose value is an RFC7517 JSON Web Key which specifies a new key to update. The RFC7519 JWT must be signed with one of the existing signing certificates.

--signer-file -f

File name of the signer. (--signer and --signer-file/-f are mutually exclusive.)

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation signer list

Experimental

Command group 'attestation signer' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Retrieves the set of certificates used to express policy for the current tenant.

az attestation signer list [--id]
                           [--name]
                           [--resource-group]

Examples

Retrieves the set of certificates used to express policy for the current tenant.

az attestation signer list -n "myattestationprovider" -g "MyResourceGroup"

Optional Parameters

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation signer remove

Experimental

Command group 'attestation signer' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Removes the specified policy management certificate.

az attestation signer remove [--id]
                             [--name]
                             [--resource-group]
                             [--signer]
                             [--signer-file]

Examples

Removes the specified policy management certificate.

az attestation signer remove -n "myattestationprovider" -g "MyResourceGroup" --signer "eyAiYWxnIjoiUlMyNTYiLCAie..."

Optional Parameters

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--signer

The policy certificate to remove. An RFC7519 JSON Web Token containing a claim named "maa-policyCertificate" whose value is an RFC7517 JSON Web Key which specifies a new key to update. The RFC7519 JWT must be signed with one of the existing signing certificates.

--signer-file -f

File name of the signer. (--signer and --signer-file/-f are mutually exclusive.)
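
Added example (not part of the Azure CLI reference): a structural pre-flight check of a --signer value, as described for both signer add and signer remove, that decodes the JWT, confirms the "maa-policyCertificate" claim holds a JWK, and returns the SHA-256 fingerprint of the certificate so it can be compared with the one you intend to add or remove. It assumes the JWK carries its certificate in an x5c member; the function names and the sample token are constructed for illustration, and the signature is not verified here.

```python
import base64
import hashlib
import json

CLAIM = "maa-policyCertificate"  # claim name given in the --signer description

def b64url_decode(seg: str) -> bytes:
    # JWS segments are base64url without padding (RFC 7515); restore it.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_signer_token(token: str) -> dict:
    """Structural check of a --signer value. Does NOT verify the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected a signed compact JWS: header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned token (alg=none)")
    jwk = payload.get(CLAIM)
    if not isinstance(jwk, dict) or "kty" not in jwk:
        raise ValueError(f"claim {CLAIM!r} is missing or is not a JWK")
    # Assumption: the JWK carries its certificate in "x5c" (RFC 7517, 4.7),
    # standard base64 DER, leaf certificate first.
    chain = jwk.get("x5c") or []
    if not chain:
        raise ValueError("JWK has no x5c certificate to fingerprint")
    der = base64.b64decode(chain[0], validate=True)
    return {"alg": header["alg"], "kty": jwk["kty"],
            "cert_sha256": hashlib.sha256(der).hexdigest()}

def make_sample_token(alg: str = "RS256", claim: str = CLAIM) -> str:
    # Constructed sample: placeholder bytes stand in for a DER certificate and
    # the signature is a dummy, so the service would reject this token.
    fake_der = b"constructed-placeholder-certificate"
    jwk = {"kty": "RSA", "x5c": [base64.b64encode(fake_der).decode()]}
    segs = [json.dumps({"alg": alg}).encode(),
            json.dumps({claim: jwk}).encode(),
            b"dummy-signature"]
    return ".".join(b64url_encode(s) for s in segs)

if __name__ == "__main__":
    print(inspect_signer_token(make_sample_token()))
```

Compare the returned cert_sha256 with the fingerprint of the certificate file you hold before passing the token to the CLI.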

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.