vSAN Management API

A reference to the CryptoManagerKmip used to make the method call.

cluster P

[in] KMIP cluster.

Since vSphere API 6.5

P Required privilege: cluster

Return Value

Type	Description
xsd:string	A newly generated CSR.

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="GenerateClientCsr" type="vsan:GenerateClientCsrRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="GenerateClientCsrResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string"/>
                     </sequence>
                  </complexType>
               </element>

GenerateKey(generateKey)

Generate new encryption key.

Required Privileges: Cryptographer.ManageKeys

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

keyProvider* P

[in] Which provider will generate the key. If omitted, will use the default key provider.

Since vSphere API 6.5

*Need not be set P Required privilege: keyProvider

Return Value

Type	Description
CryptoKeyResult	The generated key.

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="GenerateKey" type="vsan:GenerateKeyRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="GenerateKeyResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="vsan:CryptoKeyResult"/>
                     </sequence>
                  </complexType>
               </element>

GenerateSelfSignedClientCert(generateSelfSignedClientCert)

Generate a self-signed client certificate with its private key. This generates a self signed certificate as well as its private key. The private key will not be returned to caller for security protection. If this method is called again, the certificate and private key generated in the new invocation will overwrite the old ones. The generated certificate will not replace current working certificate until UpdateSelfSignedClientCert is called. The generated self signed certificate can be later retrieved by calling RetrieveSelfSignedClientCert.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

cluster P

[in] KMIP cluster.

Since vSphere API 6.5

P Required privilege: cluster

Return Value

Type	Description
xsd:string	A new self-signed client certificate.

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="GenerateSelfSignedClientCert" type="vsan:GenerateSelfSignedClientCertRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="GenerateSelfSignedClientCertResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string"/>
                     </sequence>
                  </complexType>
               </element>

ListKmipServers(listKmipServers)

List the registered KMIP servers.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

limit* P

xsd:int

[in] maximum clusters to return.

Since vSphere API 6.5

*Need not be set P Required privilege: limit

Return Value

Type	Description
KmipClusterInfo[]	List of known KMIP servers grouped in clusters.

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="ListKmipServers" type="vsan:ListKmipServersRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="ListKmipServersResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="vsan:KmipClusterInfo" minOccurs="0" maxOccurs="unbounded"/>
                     </sequence>
                  </complexType>
               </element>

MarkDefault(markDefault)

Set the default KMIP cluster.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

clusterId P

[in] KMIP cluster ID to become default.

Since vSphere API 6.5

P Required privilege: clusterId

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="MarkDefault" type="vsan:MarkDefaultRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="MarkDefaultResponse">
                  <complexType/>
               </element>

RegisterKmipServer(registerKmipServer)

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

server P

KmipServerSpec

[in] KMIP server connection information.

Since vSphere API 6.5

P Required privilege: server

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RegisterKmipServer" type="vsan:RegisterKmipServerRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RegisterKmipServerResponse">
                  <complexType/>
               </element>

RemoveKmipServer(removeKmipServer)

Remove a KMIP server, even if in use.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

clusterId P

[in] KMIP cluster ID.

Since vSphere API 6.5

serverName P

xsd:string

[in] KMIP server name.

Since vSphere API 6.5

PRequired privilege - see tooltip for details

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RemoveKmipServer" type="vsan:RemoveKmipServerRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RemoveKmipServerResponse">
                  <complexType/>
               </element>

RetrieveClientCert(retrieveClientCert)

Get the client certificate of the KMIP cluster.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

cluster P

[in] KMIP cluster.

Since vSphere API 6.5

P Required privilege: cluster

Return Value

Type	Description
xsd:string	The client certificate.

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RetrieveClientCert" type="vsan:RetrieveClientCertRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RetrieveClientCertResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string"/>
                     </sequence>
                  </complexType>
               </element>

RetrieveClientCsr(retrieveClientCsr)

Get the generated client certificate signing request. If GenerateClientCsr is called previously, this will return the generated certificate signing request; otherwise return empty string.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

cluster P

[in] KMIP cluster.

Since vSphere API 6.5

P Required privilege: cluster

Return Value

Type	Description
xsd:string	The CSR generated previously, if any.

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RetrieveClientCsr" type="vsan:RetrieveClientCsrRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RetrieveClientCsrResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string"/>
                     </sequence>
                  </complexType>
               </element>

RetrieveKmipServerCert(retrieveKmipServerCert)

Get the server certficate. In the case of error, an empty certificate string is returned.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

keyProvider P

[in] KMIP cluster in which the server is placed or will be created.

Since vSphere API 6.5

server P

KmipServerInfo

[in] KMIP server.

Since vSphere API 6.5

PRequired privilege - see tooltip for details

Return Value

Type	Description
CryptoManagerKmipServerCertInfo	Information about the server certificate.

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RetrieveKmipServerCert" type="vsan:RetrieveKmipServerCertRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RetrieveKmipServerCertResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="vsan:CryptoManagerKmipServerCertInfo"/>
                     </sequence>
                  </complexType>
               </element>

RetrieveKmipServersStatus_Task(retrieveKmipServersStatus)

Get the status of the KMIP servers.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

clusters* P

KmipClusterInfo[]

[in] KMIP clusters and their servers.

Since vSphere API 6.5

*Need not be set P Required privilege: clusters

Return Value

Type	Description
ManagedObjectReference to a Task

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

RetrieveSelfSignedClientCert(retrieveSelfSignedClientCert)

Get the generated self signed client certificate. If GenerateSelfSignedClientCert is called previously, this will return the generated certificate; otherwise return empty string.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

cluster P

[in] KMIP cluster.

Since vSphere API 6.5

P Required privilege: cluster

Return Value

Type	Description
xsd:string	The self signed certificate generated previously, if any.

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RetrieveSelfSignedClientCert" type="vsan:RetrieveSelfSignedClientCertRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="RetrieveSelfSignedClientCertResponse">
                  <complexType>
                     <sequence>
                        <element name="returnval" type="xsd:string"/>
                     </sequence>
                  </complexType>
               </element>

UpdateKmipServer(updateKmipServer)

Update a KMIP server.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

server P

KmipServerSpec

[in] KMIP server connection information.

Since vSphere API 6.5

P Required privilege: server

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="UpdateKmipServer" type="vsan:UpdateKmipServerRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="UpdateKmipServerResponse">
                  <complexType/>
               </element>

UpdateKmsSignedCsrClientCert(updateKmsSignedCsrClientCert)

Set KMS server signed certificate as KMIP client certificate for the KMS cluster. This method should be called to update the certificate signed by KMS server from a CSR that is generated by calling GenerateClientCsr. If GenerateClientCsr is called more than once, the CSR that is generated last time should be used; otherwise the certificate will be rejected because the private key from last time won't match the public key in the certificate.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

cluster P

[in] KMIP cluster.

Since vSphere API 6.5

certificate P

xsd:string

[in] Client certificate.

Since vSphere API 6.5

PRequired privilege - see tooltip for details

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="UpdateKmsSignedCsrClientCert" type="vsan:UpdateKmsSignedCsrClientCertRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="UpdateKmsSignedCsrClientCertResponse">
                  <complexType/>
               </element>

UpdateSelfSignedClientCert(updateSelfSignedClientCert)

Set a self-signed certificate as KMIP client certificate for the KMS cluster. This method should be called to update the certificate which is generated by calling GenerateSelfSignedClientCert. If GenerateSelfSignedClientCert is called more than once, the self signed certificate that is generated last time should be used; otherwise the certificate will be rejected because the private key from last time won't match the public key in the certificate.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

cluster P

[in] KMIP cluster.

Since vSphere API 6.5

certificate P

xsd:string

[in] Client certificate.

Since vSphere API 6.5

PRequired privilege - see tooltip for details

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="UpdateSelfSignedClientCert" type="vsan:UpdateSelfSignedClientCertRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="UpdateSelfSignedClientCertResponse">
                  <complexType/>
               </element>

UploadClientCert(uploadClientCert)

Set a client certificate with private key for the KMIP cluster. The certificate and private key can be assigned by a KMS server and the certificate might be already trusted by the KMS server.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name	Type	Description
_this	ManagedObjectReference	A reference to the CryptoManagerKmip used to make the method call.
cluster P	KeyProviderId	[in] KMIP cluster. *Since* vSphere API 6.5
certificate P	xsd:string	[in] Client certificate. *Since* vSphere API 6.5
privateKey P	xsd:string	[in] Private key. *Since* vSphere API 6.5

PRequired privilege - see tooltip for details

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="UploadClientCert" type="vsan:UploadClientCertRequestType"/>
         <element xmlns="http://www.w3.org/2001/XMLSchema" xmlns:vsan="urn:vsan" name="UploadClientCertResponse">
                  <complexType/>
               </element>

UploadKmipServerCert(uploadKmipServerCert)

Upload a server certficate.

Required Privileges: Cryptographer.ManageKeyServers

Parameters

Name

Type

Description

_this

A reference to the CryptoManagerKmip used to make the method call.

cluster P

[in] KMIP cluster.

Since vSphere API 6.5

certificate P

xsd:string

[in] Server certificate in PEM encoding.

Since vSphere API 6.5

PRequired privilege - see tooltip for details

Return Value

Type	Description
None

Faults

Type	Description
RuntimeFault	Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None