az attestation

Note

This reference is part of the attestation extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az attestation command. Learn more about extensions.

This command group is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage Microsoft Azure Attestation (MAA).

Commands

Name	Description	Type	Status
az attestation create	Creates a new Attestation Provider instance.	Extension	Experimental
az attestation delete	Delete Attestation Service.	Extension	Experimental
az attestation get-default-by-location	Get the default provider by location.	Extension	Experimental
az attestation list	Returns a list of attestation providers in a subscription.	Extension	Experimental
az attestation list-default	Get the default provider.	Extension	Experimental
az attestation policy	Manage policies.	Extension	Experimental
az attestation policy reset	Resets the attestation policy for the specified tenant and reverts to the default policy.	Extension	Experimental
az attestation policy set	Sets the policy for a given kind of attestation type.	Extension	Experimental
az attestation policy show	Retrieves the current policy for a given kind of attestation type.	Extension	Experimental
az attestation show	Get the status of Attestation Provider.	Extension	Experimental
az attestation signer	Manage signers.	Extension	Experimental
az attestation signer add	Adds a new attestation policy certificate to the set of policy management certificates.	Extension	Experimental
az attestation signer list	Retrieves the set of certificates used to express policy for the current tenant.	Extension	Experimental
az attestation signer remove	Removes the specified policy management certificate.	Extension	Experimental
az attestation update	Updates the Attestation Provider.	Extension	Experimental

az attestation create

Experimental

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Creates a new Attestation Provider instance.

az attestation create [--certs-input-path]
                      [--id]
                      [--location]
                      [--name]
                      [--resource-group]
                      [--tags]

Examples

AttestationProviders_Create

az attestation create --name "myattestationprovider" --resource-group "MyResourceGroup" -l westus

Optional Parameters

--certs-input-path

Space-separated file paths to PEM/DER files containing certificates. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--location -l

The supported Azure location where the attestation provider should be created. When not specified, the location of the resource group will be used.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--tags

The tags that will be assigned to the attestation provider. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation delete

Experimental

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Delete Attestation Service.

az attestation delete [--id]
                      [--name]
                      [--resource-group]
                      [--yes]

Examples

AttestationProviders_Delete

az attestation delete --name "myattestationprovider" --resource-group "sample-resource-group"

Optional Parameters

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--name -n

Name of the attestation service instance.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation get-default-by-location

Experimental

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get the default provider by location.

az attestation get-default-by-location [--ids]
                                       [--location]
                                       [--subscription]

Examples

AttestationProviders_GetDefaultWithLocation

az attestation get-default-by-location --location "Central US"

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation list

Experimental

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Returns a list of attestation providers in a subscription.

az attestation list [--resource-group]

Examples

AttestationProviders_ListByResourceGroup

az attestation list --resource-group "testrg1"

AttestationProviders_List

az attestation list

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation list-default

Experimental

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get the default provider.

az attestation list-default

Examples

AttestationProviders_GetDefault

az attestation list-default

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation show

Experimental

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get the status of Attestation Provider.

az attestation show [--id]
                    [--name]
                    [--resource-group]

Examples

AttestationProviders_Get

az attestation show --name "myattestationprovider" --resource-group "MyResourceGroup"

Optional Parameters

--id

Resource ID of the provider. Please omit --resource-group/-g or --name/-n if you have already specified --id.

--name -n

Name of the attestation service instance.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az attestation update

Experimental

Command group 'attestation' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Updates the Attestation Provider.

az attestation update [--ids]
                      [--name]
                      [--resource-group]
                      [--subscription]
                      [--tags]

Examples

AttestationProviders_Update

az attestation update --name "myattestationprovider" --resource-group "MyResourceGroup" --tags Property1="Value1" Property2="Value2" Property3="Value3"

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the attestation provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

The tags that will be assigned to the attestation provider. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.