# update

Updates an existing policy. The policy definition must be provided as a JSON file, passed as `@values.json`.

### Usage

```
vhsm nitride policy update @values.json [flags]
```

* `@values.json`: The path to a JSON file containing the updated policy definition.
* The policy name in the JSON must match the name of the policy you want to update.

#### Structure: @values.json

* "name": A string uniquely identifying the policy.
* "identities": An object specifying the required identities for this policy.
  * "provider": The provider identity. For example, azure-sev-snp-vtpm.
  * "platform": An array of platform identity objects; see the [platform](https://docs.enclaive.cloud/nitride/identity/create#type-platform) identity structure.
  * "firmware": An array of firmware identity objects; see the [firmware](https://docs.enclaive.cloud/nitride/identity/create#type-firmware) identity structure.
  * "workload": A workload identity object; see the [workload](https://docs.enclaive.cloud/nitride/identity/create#type-workload) identity structure.
  * "metadata": (Optional) Additional metadata for the policy.

#### Flags

* [Global HTTP Options](https://docs.enclaive.cloud/nitride/cli/..#global-options)
* [Output Options](https://docs.enclaive.cloud/nitride/cli/..#output-options)
* [Command Options](https://docs.enclaive.cloud/nitride/cli/..#command-options)

***

#### When to use each parameter

* Use `name` to uniquely identify the policy.
* Use `identities` to specify the required provider, platform, firmware, workload, and optional metadata identities that must be attested for this policy to be satisfied.
* Use `platform`, `firmware`, and `workload` to define the specific trust requirements for each component.
* Use `metadata` to attach custom attributes or tags for advanced policy, grouping, or informational purposes.

#### Example JSON: Policy

```json
{
  "name": "azure-sev-snp-milan-vcek-vtpm-ubuntu-jammy",
  "identities": {
    "provider": "azure-sev-snp-vtpm",
    "platform": [
      {
        "name": "amd-sev-snp-milan-vcek"
      }
    ],
    "firmware": [
      {
        "name": "azure-dc2as-v5"
      }
    ],
    "workload": {
      "name": "azure-sev-snp-vtpm-ubuntu-jammy",
      "policy": {
        "hash": false,
        "pcrs.0": false
      }
    },
    "metadata": null
  }
}
```
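As an added pre-flight check (not part of the nitride CLI or its documentation), the following Python validates a policy file against the structure described above before it is handed to `policy update`, including the rule that the file's "name" must match the policy being updated. The sample document is constructed from the example on this page; which fields the server itself enforces is an assumption.

```python
import json

# Constructed sample: the policy document from the page, as `policy update @values.json` would read it.
SAMPLE_POLICY = """{
  "name": "azure-sev-snp-milan-vcek-vtpm-ubuntu-jammy",
  "identities": {
    "provider": "azure-sev-snp-vtpm",
    "platform": [{"name": "amd-sev-snp-milan-vcek"}],
    "firmware": [{"name": "azure-dc2as-v5"}],
    "workload": {"name": "azure-sev-snp-vtpm-ubuntu-jammy", "policy": {"hash": false, "pcrs.0": false}},
    "metadata": null
  }
}"""

def _check_named_list(items, field, errors):
    """platform/firmware: a non-empty array of objects, each with a non-empty string "name"."""
    if not isinstance(items, list) or not items:
        errors.append(f"identities.{field} must be a non-empty array")
        return
    for i, entry in enumerate(items):
        if not isinstance(entry, dict) or not entry.get("name") or not isinstance(entry["name"], str):
            errors.append(f'identities.{field}[{i}] needs a non-empty string "name"')

def check_policy(text, expected_name):
    """Return the list of problems found; an empty list means the file is ready for `policy update`."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    errors = []
    if doc.get("name") != expected_name:
        # The file's "name" selects which policy is updated, so a mismatch would rewrite the wrong one.
        errors.append(f"name {doc.get('name')!r} does not match the target policy {expected_name!r}")
    ids = doc.get("identities")
    if not isinstance(ids, dict):
        return errors + ["identities must be an object"]
    if not ids.get("provider") or not isinstance(ids["provider"], str):
        errors.append("identities.provider must be a non-empty string")
    _check_named_list(ids.get("platform"), "platform", errors)
    _check_named_list(ids.get("firmware"), "firmware", errors)
    wl = ids.get("workload")
    if not isinstance(wl, dict) or not wl.get("name") or not isinstance(wl["name"], str):
        errors.append('identities.workload must be an object with a non-empty string "name"')
    elif not isinstance(wl.get("policy"), dict) or not all(isinstance(v, bool) for v in wl["policy"].values()):
        errors.append("identities.workload.policy must map check names (hash, pcrs.N) to booleans")
    md = ids.get("metadata")
    if md is not None and (not isinstance(md, dict) or not isinstance(md.get("attributes"), dict)):
        errors.append('identities.metadata must be null or an object with an "attributes" object')
    return errors
```

Run `check_policy(open("values.json").read(), "<policy name>")` and only invoke the CLI when it returns an empty list.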

#### Example Command

```
vhsm nitride policy update @policy.json
```

**Additional Example**

Update with a custom server address and output the result as JSON:

```
vhsm nitride policy update @policy.json -address=https://vhsm.example.com:8200 -format=json
```

### Policy Structures

#### Type: Platform Identity

Use platform for specific CPU types and their PKI validation.

* "name": Name of the platform identity. For example, amd-sev-snp-milan-vcek.
* "firmware": Minimum firmware version required (for example, >= 1.55.22).
* "root_of_trust": Trust identifier for the hardware root of trust.

**Example**:

```json
{
  "name": "amd-sev-snp-milan-vcek"
}
```

#### Type: Firmware Identity

Use firmware to specify trusted firmware measurements.

* "name": Name of the firmware identity. For example, azure-dc2as-v5.

**Example**:

```json
{
  "name": "azure-dc2as-v5"
}
```

#### Type: Workload Identity

Use workload for specifying trusted application, VM, or container images and their attestation requirements.

* "name": Name of the workload identity. For example, azure-sev-snp-vtpm-ubuntu-jammy.
* "policy": Object specifying attestation requirements. For example, hash, pcrs.0.

**Example**:

```json
{
  "name": "azure-sev-snp-vtpm-ubuntu-jammy",
  "policy": {
    "hash": false,
    "pcrs.0": false
  }
}
```

#### Type: Metadata

Use metadata for attaching custom, user-defined attributes or tags to an identity for advanced policy, grouping, or informational purposes.

**Values**

* "attributes": An object containing key-value pairs representing metadata attributes such as environment, owner, project, region, and others.
* "description": (Optional) A string providing a human-readable description of the metadata or its purpose.

**Example:**

```json
{
  "attributes": {
    "environment": "production",
    "owner": "dba-team",
    "region": "us-east-1"
  },
  "description": "Metadata for production database workloads in us-east-1"
}
```

**Detailed Explanation**

* "attributes": An object containing arbitrary key-value pairs that represent metadata tags or properties. Use this to add contextual information to an identity, such as environment, owner, project, or region. This is useful for advanced policy enforcement, grouping, or filtering.
* "description" (optional): A human-readable string describing the metadata or its intended use. Use this to provide additional context for administrators or automation.

For more information, see the [create policy](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/create-policy) tutorial. A correct policy is critical for enabling secure workload attestation and for enforcing trust requirements on the underlying platform, firmware, and workload.
