Nitride
Enable Auth

Learn to enable the Remote Attestation TLS (rATLS) authentication method, which is essential for establishing trust between workloads and the vHSM environment.

Last updated 1 month ago

Note:

If you started Nitride with the vhsm nitride init command, it performs a series of operations to configure and secure your environment:

  1. Creates essential Nitride identities, including platform, firmware, and workload.

  2. Creates and attaches a Nitride policy from an embedded policy configuration.

  3. Generates attestation objects based on your setup.

  4. Bootstraps the environment to allow secure workload attestation and the issuance of access tokens with the appropriate permissions.

Enabling the rATLS Auth Method

  1. Enable the Remote Attestation TLS (rATLS) plugin on the vHSM server.

vhsm auth enable -path=ratls ratls
  • -path=ratls: the mount path where the auth method is enabled.

  • ratls: the name of the plugin.

Note: To enable the ratls auth method with token namespacing, see .

Output:

Success! Enabled ratls auth method at: ratls/

Once enabled, the rATLS authentication method allows workloads to authenticate using remote attestation based on platform and firmware identity.

  2. Verify that the authentication method is active.

vhsm auth list

Output:

Path      Type     Accessor               Description                                              Version
----      ----     --------               -----------                                              -------
ratls/    ratls    auth_ratls_70c308c0    Remote attestation plugin for usage with vhsm nitride    n/a
token/    token    auth_token_10743d4c    Token-based credentials                                  n/a

If ratls/ appears in the list, the auth method has been successfully enabled.

  3. You can optionally update the description or settings for the enabled auth method.

vhsm auth tune -description="rATLS auth method for Nitride workloads" ratls/
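
The verification step above can be scripted. The following shell functions are an added example, not part of the Nitride documentation or CLI; they parse the text table printed by vhsm auth list and assume the column layout shown in the output above. The function names and the workloads/ mount in the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Nitride documentation.
# Both functions read the text table printed by `vhsm auth list` on stdin.

# check_auth_mount PATH TYPE
#   0 = PATH is mounted with plugin TYPE
#   1 = PATH is not mounted
#   2 = PATH is mounted, but with a different plugin type
check_auth_mount() {
    awk -v p="$1" -v t="$2" '
        $1 == "Path" || $1 ~ /^-+$/ { next }   # header and separator rows
        $1 == p { found = 1; if ($2 == t) ok = 1 }
        END { if (ok) exit 0; if (found) exit 2; exit 1 }
    '
}

# mounts_of_type TYPE: print every mount path backed by plugin TYPE,
# which catches the plugin being enabled under an unexpected path.
mounts_of_type() {
    awk -v t="$1" '
        $1 == "Path" || $1 ~ /^-+$/ { next }
        $2 == t { print $1 }
    '
}

# Sample input: the table shown on this page.
SAMPLE_LIST='Path      Type     Accessor               Description                                              Version
----      ----     --------               -----------                                              -------
ratls/    ratls    auth_ratls_70c308c0    Remote attestation plugin for usage with vhsm nitride    n/a
token/    token    auth_token_10743d4c    Token-based credentials                                  n/a'

# Constructed sample: the ratls plugin enabled under a different path.
SAMPLE_MOVED='Path          Type     Accessor               Description                Version
----          ----     --------               -----------                -------
workloads/    ratls    auth_ratls_00000000    Constructed sample row     n/a
token/        token    auth_token_00000000    Token-based credentials    n/a'

if printf '%s\n' "$SAMPLE_LIST" | check_auth_mount ratls/ ratls; then
    echo "ratls/ is enabled with the ratls plugin"
fi
```

Against a live server, pipe the real output in instead of the samples: vhsm auth list | check_auth_mount ratls/ ratls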