From 3dd9ea1c8a352f8791f78d7ba83a575e16b020c0 Mon Sep 17 00:00:00 2001
From: sukhyung shin
Date: Fri, 25 Jun 2021 10:34:50 -0700
Subject: [PATCH] remove tab, add comment with key format information
---
 gcp/gcpEnroll.ps1 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gcp/gcpEnroll.ps1 b/gcp/gcpEnroll.ps1
index 03977a9..89139e4 100644
--- a/gcp/gcpEnroll.ps1
+++ b/gcp/gcpEnroll.ps1
@@ -11,7 +11,7 @@ Import-Module $ScriptDir\..\powershellModules\kf_logging.psm1
 # Specify the API URL base.
 # Note that when we call the API we use Windows Auth:
-# 1.) Ensure that Windows Authentication is enabled for the KeyfactorAPI endpoint (DefaultWebsite > KeyfactorAPI) in IIS
+# 1.) Ensure that Windows Authentication is enabled for the KeyfactorAPI endpoint (DefaultWebsite > KeyfactorAPI) in IIS
 # 2.) For normal operation the Keyfactor Service (Timer Service) account is used -- Make sure this account has the appropriate Keyfactor & AD rights
 # 3.) For testing from the portal, the Application Pool account is used -- Make sure this account has the appropriate Keyfactor & AD rights
 #
@@ -115,6 +115,7 @@ try {
 Add-KFInfoLog $outputLog $logFile "gcp access token: $token"
 $gURL = "https://cloudiot.googleapis.com/v1/projects/$gProjectId/locations/$gProjectLocation/registries/$gProjectRegistry/devices"
+ #Double check the format to match the template used available options: RSA_X509_PEM, RSA_PEM, ES256_PEM or ES256_X509_PEM
 $pubKeyObj = @{"format" = "ES256_X509_PEM"; "key" = $unencoded }
 $credObj = @{"expirationTime" = $expiryDate; "publicKey" = $pubKeyObj }
 $gBodyObj = @{"id" = $clientMachine; "credentials" = $credObj; "blocked" = $false }
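Review bot: The first context line of the second hunk, `Add-KFInfoLog $outputLog $logFile "gcp access token: $token"`, writes the Google access token in clear text to the log (presumably the file named by `$logFile`), and this commit leaves it in place. The token is a bearer credential for the Cloud IoT API call that follows, so anyone with read access to the log can use it until it expires. The line should record only the outcome, for example `Add-KFInfoLog $outputLog $logFile "gcp access token acquired"`. The added comment would be clearer as `# Key format must match the certificate template's key type; valid values: RSA_X509_PEM, RSA_PEM, ES256_PEM, ES256_X509_PEM`. The `try` block starts and ends outside the hunk, so other uses of `$token` in it were not reviewed.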