diff --git a/api/v1alpha2/virtualmachinewebconsolerequest_types.go b/api/v1alpha2/virtualmachinewebconsolerequest_types.go
index 219205f2f..834b04162 100644
--- a/api/v1alpha2/virtualmachinewebconsolerequest_types.go
+++ b/api/v1alpha2/virtualmachinewebconsolerequest_types.go
@@ -13,11 +13,15 @@ type VirtualMachineWebConsoleRequestSpec struct {
 	// Name is the name of a VM in the same Namespace as this web console
 	// request.
 	Name string `json:"name"`
+	// PublicKey is used to encrypt the status.response. This is expected to be a RSA OAEP public key in X.509 PEM format.
+	PublicKey string `json:"publicKey"`
 }
 
 // VirtualMachineWebConsoleRequestStatus describes the observed state of the
 // request.
 type VirtualMachineWebConsoleRequestStatus struct {
+	// Response will be the authenticated ticket corresponding to this web console request.
+	Response string `json:"response,omitempty"`
 	// ExpiryTime is the time at which access via this request will expire.
 	ExpiryTime metav1.Time `json:"expiryTime,omitempty"`
 
diff --git a/config/crd/bases/vmoperator.vmware.com_virtualmachinewebconsolerequests.yaml b/config/crd/bases/vmoperator.vmware.com_virtualmachinewebconsolerequests.yaml
index fab7592b8..ab8f67baf 100644
--- a/config/crd/bases/vmoperator.vmware.com_virtualmachinewebconsolerequests.yaml
+++ b/config/crd/bases/vmoperator.vmware.com_virtualmachinewebconsolerequests.yaml
@@ -41,8 +41,13 @@ spec:
                 description: Name is the name of a VM in the same Namespace as this
                   web console request.
                 type: string
+              publicKey:
+                description: PublicKey is used to encrypt the status.response. This
+                  is expected to be a RSA OAEP public key in X.509 PEM format.
+                type: string
             required:
             - name
+            - publicKey
             type: object
           status:
             description: VirtualMachineWebConsoleRequestStatus describes the observed
@@ -65,6 +70,10 @@ spec:
                   by Go's https://pkg.go.dev/net#ResolveIPAddr and https://pkg.go.dev/net#ParseIP
                   functions."
                 type: string
+              response:
+                description: Response will be the authenticated ticket corresponding
+                  to this web console request.
+                type: string
             type: object
         type: object
     served: true