Attesting a MariaDB database with Cloud-Init

#cloud-config
runcmd:
  - |
    (
    set -eu

    # Variables
    export MARIA_PASSWORD=${maria_password}
    export VERSION=10.8.2

    # Update packages and install necessary dependencies
    sudo apt-get update
    sudo apt-get install -y ca-certificates curl gnupg

    # Add the official Docker GPG key
    sudo install -m 0755 -d /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    sudo chmod a+r /etc/apt/keyrings/docker.gpg

    # Add the official Docker repository
    echo \
      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
      $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

    # Update packages and install Docker Engine, Docker CLI, and Containerd
    sudo apt-get update
    sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

    # Start and enable Docker
    sudo systemctl enable docker
    sudo systemctl start docker

    # MARIA
    sudo docker run --name mariadb -d \
    -e MARIADB_ROOT_PASSWORD=$MARIA_PASSWORD \
    -v /var/lib/mysql:/var/lib/mysql \
    -p 3306:3306 \
    mariadb:$VERSION
    
    # Variables
    export ENCLAIVE_PROTOCOL=sev-snp
    export ENCLAIVE_SOURCE=azure
    export ENCLAIVE_INSTANCE=13e1c839-7981-4c84-8c0c-28c0c236b6d5
    export ENCLAIVE_RESOURCE=66bc5cfa2d23bb002a491c68
    export ENCLAIVE_NITRIDE=https://vhsm-staging.enclaive.cloud
    export ENCLAIVE_KEYSTORE=https://vhsm-staging.enclaive.cloud
    export ENCLAIVE_FEATURES=env:PASSWORD:MARIADB_ROOT_PASSWORD

    COMMAND="curl -s -o"

    $COMMAND client "$ENCLAIVE_NITRIDE/static/enclaivelet"
    $COMMAND provision "$ENCLAIVE_NITRIDE/static/provision"

    chmod +x client provision
    ./client
    ) >enclaive.log 2>&1