Client Management Script Library

Send-HPSureAdminLocalAccessKeyToKMS

Summary

Sends a local access key in PFX format to HP Sure Admin Key Management Service (KMS)

Syntax

Send-HPSureAdminLocalAccessKeyToKMS [-LocalAccessKeyFile] <FileInfo> [[-LocalAccessKeyPassword] <String>] [-KMSAppName] <String> [-AADGroup] <String> [[-CacheAccessToken]] [[-KeyName] <String>] [<CommonParameters>]

Send-HPSureAdminLocalAccessKeyToKMS [-LocalAccessKeyFile] <FileInfo> [[-LocalAccessKeyPassword] <String>] [-KMSUri] <String> [-AADGroup] <String> [[-CacheAccessToken]] [[-KeyName] <String>] [<CommonParameters>]

Description

This command extracts a private key from the provided certificate file, generates a JSON for the central-managed enrollment process, and sends it to the HP Sure Admin Key Management Service (KMS). The connection with the KMS server requires the user to authenticate with a valid Microsoft account.

Parameters

Name	Argument	Description
LocalAccessKeyFile	<FileInfo>	Specifies the path to the local access key, as a PFX file. If the PFX file is protected by a password (recommended), the LocalAccessKeyPassword parameter should also be provided.
LocalAccessKeyPassword	<String>	Specifies the local access key file password, if required.
KMSUri	<String>	Specifies the complete URI for uploading the key (I.e.: https://.azurewebsites.net/). This URL must be HTTPS.
KMSAppName	<String>	Specifies the application name on Azure KMS server that will be used to compose the URI for uploading the key
AADGroup	<String>	Specifies the group name in Azure Active Directory that will have access to the key
CacheAccessToken		If specified, the access token is cached in msalcache.dat file and user credentials will not be asked again until the credentials expire. This parameter should be specified for caching the access token when performing multiple operations on the KMS server. If access token is not cached, the user must re-enter credentials on each call of this command.
KeyName	<String>	Specifies the key name to identify the certificate. If not specified, it will use the certificate subject.

Notes

Supported on Windows Power Shell v5.
An HP Sure Admin KMS server is required for using this feature.

Examples


PS C:\> Send-HPSureAdminLocalAccessKeyToKMS -LocalAccessKeyFile "$path\signing_key.pfx" -KMSUri "https://MyKMSURI.azurewebsites.net/" -AADGroup "MyAADGroupName"


PS C:\> Send-HPSureAdminLocalAccessKeyToKMS -LocalAccessKeyFile "$path\signing_key.pfx" -LocalAccessKeyPassword "pass" -KMSAppName "MyAppName" -AADGroup "MyAADGroupName"