create

Creates a new workload attestation configuration. The attestation definition must be provided as a JSON file, passed on the command line as @values.json.

Usage

vhsm nitride attestation create @values.json [flags]
  • @values.json: The path to a JSON file containing the attestation configuration.

Structure: @values.json

  • "name": A string uniquely identifying the workload attestation.

  • "description": A human-readable description of the workload.

  • "namespace": The namespace where the attestation will be created.

  • "events": URL endpoint for attestation events (e.g., http://localhost:8000).

  • "policy": The name of the policy to use for this attestation.

Flags


Example JSON: Workload Attestation

{
  "name": "Azure MariaDB",
  "description": "A small Azure VM running MariaDB",
  "namespace": "my-namespace",
  "events": "http://localhost:8000",
  "policy": "test"
}

Detailed Explanation

  • name: The unique name for the workload attestation (e.g., Example).

  • description: A descriptive text explaining the workload's purpose.

  • namespace: The namespace for organizing attestations (e.g., my-namespace).

  • events: The endpoint URL where attestation events will be sent.

  • policy: The policy name that defines the attestation requirements.

Example Command

Create an attestation from the definition in attestation.json:

vhsm nitride attestation create @attestation.json

Output

Key            Value
---            -----
created        1752204912
description    A small Azure VM running MariaDB
events         http://localhost:8000
name           Azure MariaDB
namespace      my-namespace
nonce          n/a
policy         test
updated        0
uuid           39547c1c-2139-402d-a532-2a352c55106c

Additional Example

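Create an attestation with a custom server address and output as JSON. Note that the warnings array in the output below reports -address and -format as unrecognized parameters that the endpoint ignored: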

vhsm nitride attestation create @attestation.json -address=https://vhsm.example.com:8200 -format=json

Output

{
  "request_id": "f7fc4c17-58ee-2a9a-be84-24687c9712da",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "created": 1752457378,
    "description": "A small Azure VM running MariaDB",
    "events": "http://localhost:8000",
    "name": "Azure MariaDB",
    "namespace": "my-namespace",
    "nonce": "",
    "policy": "test",
    "updated": 0,
    "uuid": "cdf644ef-b8b2-4ac9-acf7-edb7234da6bc"
  },
  "warnings": [
    "Endpoint ignored these unrecognized parameters: [-address -format]"
  ]
}
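The following check is an added example, not part of the vhsm tooling or the original page: it validates a values.json definition against the five documented keys before it is submitted, then compares the -format=json response with what was sent and surfaces any warnings. Treating all five keys as required, flagging plaintext http to non-loopback hosts, and the function names are assumptions of this example.

```python
import json
from urllib.parse import urlparse

# The five keys this page documents for values.json. Treating every one as a
# required non-empty string is an assumption of this example.
FIELDS = ("name", "description", "namespace", "events", "policy")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def check_definition(defn):
    """Return a list of problems found in an attestation definition."""
    problems = []
    for key in FIELDS:
        value = defn.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing or not a non-empty string")
    problems += [f"{k}: undocumented field" for k in sorted(set(defn) - set(FIELDS))]
    events = defn.get("events")
    if isinstance(events, str) and events.strip():
        url = urlparse(events)
        if url.scheme not in ("http", "https") or not url.hostname:
            problems.append("events: not an http(s) URL")
        elif url.scheme == "http" and url.hostname not in LOOPBACK:
            # Local policy assumed here: plaintext only to a loopback receiver.
            problems.append("events: plaintext http to a non-loopback host")
    return problems

def check_response(defn, response):
    """Compare the -format=json response with what was submitted."""
    data = response.get("data") or {}
    findings = [f"{k}: sent {defn.get(k)!r}, stored {data.get(k)!r}"
                for k in FIELDS if data.get(k) != defn.get(k)]
    if not data.get("uuid"):
        findings.append("uuid: missing from response")
    findings += [f"warning: {w}" for w in response.get("warnings") or []]
    return findings

# Constructed sample input, modelled on the example on this page.
SAMPLE_DEFINITION = json.loads("""{
  "name": "Azure MariaDB", "description": "A small Azure VM running MariaDB",
  "namespace": "my-namespace", "events": "http://localhost:8000", "policy": "test"}""")
SAMPLE_RESPONSE = {
    "data": dict(SAMPLE_DEFINITION, uuid="00000000-0000-0000-0000-000000000000"),
    "warnings": ["Endpoint ignored these unrecognized parameters: [-address -format]"],
}

if __name__ == "__main__":
    print(check_definition(SAMPLE_DEFINITION))
    print(check_response(SAMPLE_DEFINITION, SAMPLE_RESPONSE))
```

A non-empty result from either function is worth reviewing before the attestation is relied on, since a mismatched policy or a warning means the stored configuration may differ from what was intended.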

For more information, see Creating workload attestations. Workload attestations are critical for enabling secure workload verification and enforcing policies based on the trustworthiness of the underlying platform, firmware, and workload.
