Managed Object - CryptoManagerKmip(vim.encryption.CryptoManagerKmip)

Extends
CryptoManager
See also
CryptoKeyResult, CryptoManagerKmipClusterStatus, CryptoManagerKmipServerCertInfo, KeyProviderId, KmipClusterInfo, KmipServerInfo, KmipServerSpec
Since
vSphere API 6.5


Managed Object Description

Singleton Managed Object used to manage cryptographic keys.

Properties

Name Type Description
kmipServers*KmipClusterInfo[]

A list of registered KMIP servers, grouped by clusters.
Properties inherited from CryptoManager
enabled
*May not be present

Methods

Methods defined in this Managed Object
GenerateClientCsr, GenerateKey, GenerateSelfSignedClientCert, ListKmipServers, MarkDefault, RegisterKmipServer, RemoveKmipServer, RetrieveClientCert, RetrieveClientCsr, RetrieveKmipServerCert, RetrieveKmipServersStatus_Task, RetrieveSelfSignedClientCert, UpdateKmipServer, UpdateKmsSignedCsrClientCert, UpdateSelfSignedClientCert, UploadClientCert, UploadKmipServerCert
Methods inherited from CryptoManager
AddKey, AddKeys, ListKeys, RemoveKey, RemoveKeys

GenerateClientCsr(generateClientCsr)

Generate a certificate signing request with its private key. This generates a CSR request as well as its private key. The private key will not be returned to caller for security protection. If this method is called again, the CSR and private key generated in the new invocation will overwrite the old ones. After the CSR is signed by KMS into a certificate, it should be updated by calling UpdateKmsSignedCsrClientCert. The generated CSR can be later retrieved by calling RetrieveClientCsr.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.

Return Value

Type Description
xsd:stringA newly generated CSR.

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



GenerateKey(generateKey)

Generate new encryption key.
Required Privileges
Cryptographer.ManageKeys

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
keyProvider*KeyProviderId

[in] Which provider will generate the key. If omitted, will use the default key provider.
*Need not be set

Return Value

Type Description
CryptoKeyResultThe generated key.

Faults

Type Description
InvalidArgumentin case of wrong keyServer
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



GenerateSelfSignedClientCert(generateSelfSignedClientCert)

Generate a self-signed client certificate with its private key. This generates a self signed certificate as well as its private key. The private key will not be returned to caller for security protection. If this method is called again, the certificate and private key generated in the new invocation will overwrite the old ones. The generated certificate will not replace current working certificate until UpdateSelfSignedClientCert is called. The generated self signed certificate can be later retrieved by calling RetrieveSelfSignedClientCert.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.

Return Value

Type Description
xsd:stringA new self-signed client certificate.

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



ListKmipServers(listKmipServers)

List the registered KMIP servers.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
limit*xsd:int

[in] maximum clusters to return.
*Need not be set

Return Value

Type Description
KmipClusterInfo[]List of known KMIP servers grouped in clusters.

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



MarkDefault(markDefault)

Set the default KMIP cluster.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterIdKeyProviderId

[in] KMIP cluster ID to become default.

Return Value

Type Description
None

Faults

Type Description
InvalidArgumentThrown if a cluster with this ID is not registered.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



RegisterKmipServer(registerKmipServer)

Register a KMIP server.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
serverKmipServerSpec

[in] KMIP server connection information.

Return Value

Type Description
None

Faults

Type Description
InvalidArgumentin case the server is already registered, or the parameters are not valid.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



RemoveKmipServer(removeKmipServer)

Remove a KMIP server, even if in use.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterIdKeyProviderId

[in] KMIP cluster ID.
serverNamexsd:string

[in] KMIP server name.

Return Value

Type Description
None

Faults

Type Description
InvalidArgumentin case the server is not found.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



RetrieveClientCert(retrieveClientCert)

Get the client certificate of the KMIP cluster.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.

Return Value

Type Description
xsd:stringThe client certificate.

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



RetrieveClientCsr(retrieveClientCsr)

Get the generated client certificate signing request. If GenerateClientCsr is called previously, this will return the generated certificate signing request; otherwise return empty string.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.

Return Value

Type Description
xsd:stringThe CSR generated previously, if any.

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



RetrieveKmipServerCert(retrieveKmipServerCert)

Get the server certficate. In the case of error, an empty certificate string is returned.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
keyProviderKeyProviderId

[in] KMIP cluster in which the server is placed or will be created.
serverKmipServerInfo

[in] KMIP server.

Return Value

Type Description
CryptoManagerKmipServerCertInfoInformation about the server certificate.

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



RetrieveKmipServersStatus_Task(retrieveKmipServersStatus)

Get the status of the KMIP servers.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusters*KmipClusterInfo[]

[in] KMIP clusters and their servers.
*Need not be set

Return Value

Type Description
ManagedObjectReference
to a Task

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None



RetrieveSelfSignedClientCert(retrieveSelfSignedClientCert)

Get the generated self signed client certificate. If GenerateSelfSignedClientCert is called previously, this will return the generated certificate; otherwise return empty string.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.

Return Value

Type Description
xsd:stringThe self signed certificate generated previously, if any.

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



UpdateKmipServer(updateKmipServer)

Update a KMIP server.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
serverKmipServerSpec

[in] KMIP server connection information.

Return Value

Type Description
None

Faults

Type Description
InvalidArgumentin case the parameters are not valid, if a server with this clusterId and name is not registered
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



UpdateKmsSignedCsrClientCert(updateKmsSignedCsrClientCert)

Set KMS server signed certificate as KMIP client certificate for the KMS cluster. This method should be called to update the certificate signed by KMS server from a CSR that is generated by calling GenerateClientCsr. If GenerateClientCsr is called more than once, the CSR that is generated last time should be used; otherwise the certificate will be rejected because the private key from last time won't match the public key in the certificate.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.
certificatexsd:string

[in] Client certificate.

Return Value

Type Description
None

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



UpdateSelfSignedClientCert(updateSelfSignedClientCert)

Set a self-signed certificate as KMIP client certificate for the KMS cluster. This method should be called to update the certificate which is generated by calling GenerateSelfSignedClientCert. If GenerateSelfSignedClientCert is called more than once, the self signed certificate that is generated last time should be used; otherwise the certificate will be rejected because the private key from last time won't match the public key in the certificate.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.
certificatexsd:string

[in] Client certificate.

Return Value

Type Description
None

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



UploadClientCert(uploadClientCert)

Set a client certificate with private key for the KMIP cluster. The certificate and private key can be assigned by a KMS server and the certificate might be already trusted by the KMS server.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.
certificatexsd:string

[in] Client certificate.
privateKeyxsd:string

[in] Private key.

Return Value

Type Description
None

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



UploadKmipServerCert(uploadKmipServerCert)

Upload a server certficate.
Required Privileges
Cryptographer.ManageKeyServers

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the CryptoManagerKmip used to make the method call.
clusterKeyProviderId

[in] KMIP cluster.
certificatexsd:string

[in] Server certificate in PEM encoding.

Return Value

Type Description
None

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition