search
DocumentationTutorials

Create Identity

Identities in this system are versioned by their creation timestamp. For verification purposes, the most recently created identity for a given name is always used. This design allows you to easily update an identity when it becomes outdated without needing to change your policy or the attestation configuration itself. For more information about reading, deleting, or updating identities, see vHSM nitride CLI .

hashtag
Create a new identity named test-local of the type firmware :

Example: Create a file named firmware.json with these content:

{
  "type": "firmware",
  "name": "test-local",
  "values": {
    "measurement": "eb5c02d3ba319e65218994fc47925cf8a5e9a433081c44d4d989434f15a7c6d715d302401b3147da04e49abc99e50aea"
  }
}

Description of values field content by Identity type:

The content you put in the values field within the request body depends on the type of the identity you are creating or updating.

Identity Type
Description of values Content

platform

It would typically contain platform-specific attestation data.

firmware

Used for firmware-level identities. - measurement: The OVMF/UEFI measurement (e.g., a SHA256 hash). For more information, see Get Firmware Measurement. - firmware: The firmware version of the platform. Supports semantic versioningarrow-up-right constraints like >= 1.55.22. - root_of_trust: The certificate chain used in the verification process.

workload

Used for workload-level identities. - hash: A human-readable name of the hash function used (e.g., "sha256"). - pcrs: A dictionary mapping integer PCR (Platform Configuration Register) indices to their encoded PCR values (strings).

metadata

More details about the identity.

hashtag
Register the identity

hashtag
Example:

Output

hashtag
Possible Error Response:

If there is an issue with the request body, such as unknown identity type, you might receive an error:

Last updated

Was this helpful?