verify

Verifies an attestation report for a specific workload using the vHSM server.

Note:

The command verifies the provided attestation report against the specified workload using the vHSM server.
The @report.json syntax means the file is read and its contents are used for verification.
Use the -format flag to specify the output format (e.g., json, yaml, table, pretty).

Usage

vhsm nitride attestation verify <workload> report=@<report_file> [flags]

<workload>: The UUID of the workload attestation to verify against.
report=@<report_file>: Path to the attestation report file to verify (the file must exist).

Flags

Example

Verify an attestation report for a workload:

vhsm nitride attestation verify 39547c1c-2139-402d-a532-2a352c55106c [email protected]

Output is similar to :

Key                       Value
---                       -----
token                     hvs.CAESIGUM8VuQu-eyMQyB0UtG-ZapKUJi_Rozid8vmQFPVnHfGh4KHGh2cy5SbTREM1pnVEdYY2F1cnBObnZ1bFBzT2k
token_accessor            kaUlYBW6UNxHLRwK1Xr7Zjqs
token_duration            768h
token_renewable           false
token_policies            ["default" "enclaive-attested"]
identity_policies         []
policies                  ["default" "enclaive-attested"]
token_meta_measurement    none
token_meta_namespace      my-namespace
token_meta_workload       39547c1c-2139-402d-a532-2a352c55106c
created                   1752204912
description               A small Azure VM running MariaDB
events                    http://localhost:8000
name                      Azure MariaDB
namespace                 my-namespace
nonce                     n/a
policy                    test
updated                   1752237205
uuid                      39547c1c-2139-402d-a532-2a352c55106c

Additional Example

Verify an attestation report for a workload and display the result in JSON format:

vhsm nitride attestation verify 39547c1c-2139-402d-a532-2a352c55106c [email protected] -format=json

Output is similar to:

{
  "request_id": "47546b23-3e60-2ddb-10c9-4f12cb27d19a",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "created": 1752458834,
    "description": "A small Azure VM running MariaDB",
    "events": "http://localhost:8000",
    "name": "Azure MariaDB",
    "namespace": "my-namespace",
    "nonce": "",
    "policy": "test",
    "updated": 1752459001,
    "uuid": "d5bb4dfd-7030-41f8-9dbf-226af388416f"
  },
  "warnings": [
    "Endpoint ignored these unrecognized parameters: [-format]"
  ],
  "auth": {
    "client_token": "hvs.CAESIDssYN9P5yTGlZqJtme5oasiK4546Eq2hdZEQToD2ed9Gh4KHGh2cy5nVUM5ZEh6WERZcHI1dzVaVHJsenhzdFE",
    "accessor": "6Prottbfj1SCHM8A3BgA8sht",
    "policies": [
      "default",
      "enclaive-attested"
    ],
    "token_policies": [
      "default",
      "enclaive-attested"
    ],
    "identity_policies": null,
    "metadata": {
      "measurement": "none",
      "namespace": "my-namespace",
      "workload": "d5bb4dfd-7030-41f8-9dbf-226af388416f"
    },
    "orphan": true,
    "entity_id": "",
    "lease_duration": 2764800,
    "renewable": false,
    "mfa_requirement": null
  }
}

Last updated 5 days ago

Was this helpful?