Configure

Nitride is built around the Vault core - a popular open-source tool for securely storing and managing secrets. While Vault provides a robust core functionality, its versatility can be extended through the creation of plugins. These plugins allow users to tailor Vault to specific use cases, integrate with external systems, and implement custom authentication and authorization mechanisms.

You find vault extensions in the folder /vault/plugins.

Nitride extension vault-plugin-auth-ratls is an authentication module, adding workload identity methods to the core.

Before the registration, we recommend to validate the integrity of the plugin binary

shasum -a 256 /vault/plugins/vault-plugin-auth-ratls

Register Nitride

To register the Nitride plugin, use the following command with the above SHA-256 digest:

vault plugin register -sha256=<digest> auth vault-plugin-auth-ratls

To verify successful registration, run the command below and look for vault-plugin-auth-ratls in the list:

vault plugin list

Enable Remote Attestation through TLS

To enable remote attestation and expose the endpoint path /ratls, execute the following command:

vault auth enable -path=ratls vault-plugin-auth-ratls

Run the command below to confirm that the endpoint has been enabled correctly:

vault auth list

You should see an output similar to this:

Path      Type                       Accessor                                 Description                Version
----      ----                       --------                                 -----------                -------
ratls/    vault-plugin-auth-ratls    auth_vault-plugin-auth-ratls_f19319b1    remote attestation certs   v1.3
token/    token                      auth_token_a2c578f9                      token based credentials    n/a