Enable Auth

Learn to enable the Remote Attestation TLS (RA-TLS) authentication method which is essential for establishing trust between workloads and the vHSM environment.

Note:

If you started Nitride by using the vhsm nitride init command then, it performs a series of operations to configure and secure your environment:

Creates essential Nitride identities, including: platform, firmware, and workload
Creates and attaches a Nitride policy from an embedded policy configuration.
Generates attestation objects based on your setup.
Bootstraps the environment to allow secure workload attestation and the issuance of access tokens with the appropriate permissions.

Enabling the rATLS Auth Method

Enable the Remote Attestation TLS (RA-TLS) plugin on the vHSM server.

vhsm auth enable -path=ratls ratls

-path=ratls: the mount path where the auth method is enabled.
ratls: the name of the plugin.

Note: To enable ratls auth method with token namespoacing, see Enable Namespacing.

Output:

Success! Enabled ratls auth method at: ratls/

After you enable rATLs authentication method, it allows workloads to authenticate using remote attestation based on platform and firmware identity.

Verify that the authentication method is active.

vhsm auth list

Output:

Path      Type     Accessor               Description                                              Version
----      ----     --------               -----------                                              -------
ratls/    ratls    auth_ratls_70c308c0    Remote attestation plugin for usage with vhsm nitride    n/a
token/    token    auth_token_10743d4c    Token-based credentials                                  n/a

If ratls/ appears in the list, the auth method has been successfully enabled.

You can optionally update the description or settings for the enabled auth method.

vhsm auth tune -description="rATLS auth method for Nitride workloads" ratls/

Last updated 1 month ago

Was this helpful?