Method: instances.getShieldedInstanceIdentity

Returns the Shielded Instance Identity of an instance

HTTP request

GET https://compute.googleapis.com/compute/v1/projects/{project}/zones/{zone}/instances/{instance}/getShieldedInstanceIdentity

The URL usesgRPC Transcoding syntax. To know more about valid error responses that can be thrown by this HTTP request, please refer to theservice error catalog

Path parameters

Parameters

Parameters
`project`	`string` Project ID for this request.
`zone`	`string` The name of the zone for this request.
`instance`	`string` Name or id of the instance scoping this request.

project

string

Project ID for this request.

zone

string

The name of the zone for this request.

instance

string

Name or id of the instance scoping this request.

Request body

The request body must be empty.

Response body

A Shielded Instance Identity.

If successful, the response body contains data with the following structure:

JSON representation
{"kind":string,"signingKey":{"ekCert":string,"ekPub":string},"encryptionKey":{"ekCert":string,"ekPub":string},"eccP256SigningKey":{"ekCert":string,"ekPub":string},"eccP256EncryptionKey":{"ekCert":string,"ekPub":string}}

JSON representation

{"kind":string,"signingKey":{"ekCert":string,"ekPub":string},"encryptionKey":{"ekCert":string,"ekPub":string},"eccP256SigningKey":{"ekCert":string,"ekPub":string},"eccP256EncryptionKey":{"ekCert":string,"ekPub":string}}

Fields
`kind`	`string` [Output Only] Type of the resource. Always`compute#shieldedInstanceIdentity` for shielded Instance identity entry.
`signingKey`	`object` An Attestation Key (AK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM.
`signingKey.ekCert`	`string` A PEM-encoded X.509 certificate. This field can be empty.
`signingKey.ekPub`	`string` A PEM-encoded public key.
`encryptionKey`	`object` An Endorsement Key (EK) made by the RSA 2048 algorithm issued to the Shielded Instance's vTPM.
`encryptionKey.ekCert`	`string` A PEM-encoded X.509 certificate. This field can be empty.
`encryptionKey.ekPub`	`string` A PEM-encoded public key.
`eccP256SigningKey`	`object` An Attestation Key (AK) made by the ECC P256 algorithm issued to the Shielded Instance's vTPM.
`eccP256SigningKey.ekCert`	`string` A PEM-encoded X.509 certificate. This field can be empty.
`eccP256SigningKey.ekPub`	`string` A PEM-encoded public key.
`eccP256EncryptionKey`	`object` An Endorsement Key (EK) made by the ECC P256 algorithm issued to the Shielded Instance's vTPM.
`eccP256EncryptionKey.ekCert`	`string` A PEM-encoded X.509 certificate. This field can be empty.
`eccP256EncryptionKey.ekPub`	`string` A PEM-encoded public key.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/compute.readonly
https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/cloud-platform

For more information, see theAuthentication Overview.

IAM Permissions

In addition to any permissions specified on the fields above, authorization requires one or more of the followingIAM permissions:

compute.instances.getShieldedInstanceIdentity

To find predefined roles that contain those permissions, seeCompute Engine IAM Roles.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-10-30 UTC.

Movatterモバイル変換

Method: instances.getShieldedInstanceIdentity Stay organized with collections Save and categorize content based on your preferences.

HTTP request

Path parameters

Request body

Response body

Authorization scopes

IAM Permissions

Method: instances.getShieldedInstanceIdentity