Enable Namespacing
Learn to issue token for namespaces in a vHSM.
Last updated
Was this helpful?
Learn to issue token for namespaces in a vHSM.
Last updated
Was this helpful?
Tokens can be issued for namespaces. To enable this feature, use the -namespacing
flag. The vhsm nitride init
command simplifies the setup of vHSM by automating authentication, identity creation, policy enforcement, and attestation. The namespacing feature allows fine-grained access control across .
Enable token namespacing with a policy file:
Alternatively, pipe the policy file:
This ensures that child namespaces can have distinct access control policies.
If the vHSM plugin is enabled in the root
namespace, while workloads access resources in the GCP
and azure
namespaces.
!. Initialize vHSM with token namespacing
Enable authentication in the namespace root
in the root
namespace
With this setup, tokens issued in root
can reference and delegate access to workloads running in the gcp
, and azure
namespaces. Each namespace can have its own policies and attestations.
in each namespace
for each namespace.